CyberWire Daily - The Unseen World [Cyber Things]
Episode Date: December 3, 2025. Enjoy this episode of Cyber Things from Armis. Catch the next episode on your favorite podcast app on December 15th. Welcome to Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire that plunges into the hidden world beneath our connected reality. Inspired by Stranger Things, we explore the digital realm's own Upside Down - a space teeming with unseen devices, silent intruders, and invisible threats that quietly impact our everyday lives. In this first episode, we tackle the core challenge of modern defense: seeing the unseen. Rebecca Cradick, VP of Global Communications at Armis, is joined by Kam Chumley-Soltani, Director of OT Solutions Engineering at Armis. They discuss what it truly takes for cybersecurity professionals to achieve full visibility and how early intelligence acts as a crucial barrier, stopping a devastating cyber storm before it breaks through the gate. Tune in now to hear how defenders are fighting back against the digital demons that lurk in the shadows.
Transcript
You're listening to the Cyberwire Network, powered by N2K.
Step into the digital Upside Down with Cyber Things,
Armis' new three-part podcast series,
which will dive into the unseen world of cybersecurity.
From real-life hacks to the digital shadows of the dark web,
we connect pop culture and protection, fear and control.
Episode one drops soon, so look out for Cyber Things in partnership with Cyberwire.
Welcome to Cyber Things.
This is a short series from our normal bad actors podcast.
In homage to Stranger Things, we're exploring the hidden world beneath our connected reality.
And just like Stranger Things, the digital world
has its own upside down, a place of unseen devices, silent intruders, and invisible threats.
I'm Rebecca Cradick. I'm the Vice President of Global Communications here at Armis.
And for this short series, we're going to be talking to some of our iOS cybersecurity professionals
and massive Stranger Things fans who are wanting to talk about the digital demons that lurk in
the shadows. For my first episode, I am joined by Kam Chumley-Soltani, our director of OT Solutions
Engineering at Armis. Kam, welcome to Cyber Things.
Thank you so much. I'm excited about this. Rebecca, when you reached out, I was giddy on my chair. This was a no-brainer. So I love it. It's fun. And when you mentioned Stranger Things, I was like, sign me up, no hesitation.
Perfect. That's what we love. We want something a little bit different than our normal programming discussion. So before we dive into sort of more of the cyber things, Stranger Things is a few weeks away. Are you excited?
I am.
Chaos. It's chaos everywhere. I'm literally on the edge of my seat. So it's funny, like, as you brought this up and we agreed
to do this, there were so many parallels.
So it's going to be a good conversation for sure.
I know. It 100% is. And look, even if you're not a Stranger Things fan, I think people,
definitely in cybersecurity and in the market that we work in every day, I think people
will really resonate with this concept. And I'm hoping it will provoke a lot of debate within
our specific cybersecurity community as well. So let's get into this. We are in November.
2025 has been absolutely crazy.
And we say this every year.
We get to the end of the year.
I think, oh, that was an extraordinary year of threats,
of hacks, of, you know, uncovering of, of, you know,
things that are going on around the world.
But this year particularly, it seems to have been a lot worse than previous years.
And I want to talk specifically to you about critical infrastructure
because this is your specialism and this is what you look after
from a customer perspective at Armis.
do you think this has been the worst year for targeting critical infrastructure?
And what do you think that has looked like in terms of how customers have had to start
really thinking about connecting their devices in that world?
Yeah, 100%.
I think not only from a strategic level, but even from a technical level, we see digital
convergence coming up more and more and more and more.
And maybe 10 years ago, you had a lot of what we called operational technology,
and to set the stage for everybody:
these are not just business computers, what we call the carpeted space, but even things like devices that are programmed to make something go up or down, faster, slower, hotter, colder.
So when we say critical infrastructure, we're talking about things like water utilities, electric utilities, pharmaceutical companies, rail, aviation, you name it, anything that has real kinetic effects in the world.
When we say operational technology or critical infrastructure, that's what we're referring to.
And to your point, Rebecca, I feel like every year we finish, and it's like, whoa, that was a year.
Surely it can't get any crazier next year, and then it happens.
So to answer your question, I mean, there's been a couple massive attacks already in critical infrastructure specifically.
And what we're really seeing is that because of the convergence of IT and OT, and more devices now having internet access or being IP-based and not necessarily serial, what that means as we're becoming more digital
is that with it comes additional attack vectors.
And we're seeing that time and time again.
And there's actually a couple big attacks
that we could touch on today.
Yeah.
And I want to talk to you about specifically about that
and try and give some guidance to our audience
of how we need to think about it
as we go into 2026.
But it's interesting because, you know,
you mentioned a few things.
We hear a lot of noise about, you know,
digital transformation, IT-O-T convergence,
where threats actually come from,
the unseen devices that sit
on your network, a bit like Stranger Things, there's a lot lurking in the shadows.
Yeah, 100%.
And a lot of the stuff we talk about at Armis,
And, you know, within the community is this fundamental parallel of understanding everything,
seeing the unseen, making sure that you understand where every single device has been
connected in the impact it has.
Why is that so important?
Why is that rogue device that's sitting on a network that is just a harmless IoT camera or a
harmless little mobile. If that's in the corporate network, why is that so important to be
aware of if you are looking in a critical infrastructure operational technology environment?
Yeah. The real reason is because all these devices, they aren't just stand alone. So yes,
if those devices are impacted, they could have catastrophic effects. But it's not just the primary
attack. You have to then start considering secondary and third effects and where it's going to go.
and to your point, specifically with digital convergence, what before was just a router
sitting on an enterprise or an IT network is now a gateway or rift or a portal into the OT
environments. So looking at things like, for example, those devices that now have internet
connectivity, and I'm going to relate everything back to stranger things here, a few little nuggets
along the way, is you can almost think about it as the internet is the main gate or the Mothergate.
So although it's great and it's helping us be efficient, more operational, with the Mothergate
now available, it's now a portal to reach into and look at those vulnerable devices.
And then I'm happy to keep expanding on this, but attack vectors essentially that once you access
one device that's vulnerable, it could be a catalyst to then spread more devices, i.e. create
the hive of the army, right?
For sure. So one of the things that's really interesting, I think,
And you talk a lot about this parallel with the devices and sort of the portals in.
IT, potentially, IOT, there's this cross section of threat that comes from those environments.
Even if you air gap a security environment, like a manufacturing plant or a hospital,
we know that there has been influences from the supply chain, from other devices that they thought was like an air gap protected environment,
but it genuinely hasn't.
Can you talk in your experience of how you work with customers, how you've had to sort of set up certain environments to try and put some controls in place so that we can manage these sort of barriers and try and keep the sort of lurking hidden concerns of the underworld away?
Yeah, 100%. And I have to give a shout out to the OT team at Armis and we do this every single day.
It's not only applying ourselves as technical advisors
and subject matter experts, but sitting in a room and really being connectors.
So to give you an idea, when we think of the internet or we think of the vulnerabilities or threats
and all these different tactics, techniques, and procedures that exist out there, right?
That really is the upside down world, right?
That's where all the big, scary things live and they're reaching out.
And specifically, what we like doing as a step one is we will go sit in the same room as the IT team
and the OT team.
And a lot of times, those folks, they never interact.
So that's, again, going back to having a power team of Will and Eleven and everybody else all together
to chart out what it looks like, right?
And then from there, you need to do an initial assessment to understand what devices that
you even have.
So have initial visibility in monitoring, what's talking to what, what's insecure, what's
using insecure protocols, what's vulnerable, and you build it out.
So that's where having something like Armis is having that continuous monitoring to understand
all the communications between devices, all the vulnerabilities with devices.
So that way, in the event that something does reach out from the upside down world or from
the Mothergate and the vulnerabilities and the attackers are coming in, now you get some
sort of immediate alert or immediate response.
So we always tell people it is a crawl, walk, run, and it's not lost on anybody that this
doesn't happen overnight.
It's definitely a phased approach.
But that's how you get there.
And so even talking about an analogy of what that would look like,
for all the Stranger Things fans out there,
I'll break it down for everybody.
So you can think about something like the Mothergate being the internet.
And inside of the Mothergate,
you essentially have a Mind Flayer who is,
think about the brains behind everything.
And this Mind Flayer has a telepathic link
to all these different kinds of monsters and armies
that can go out there.
So you can think about the Mind Flayer as the brains
or an advanced persistent threat or a nation-state actor
that's going out performing some of
these large, exploitable attacks that we see wreaking havoc across critical infrastructure.
And so there's different various types of soldiers, we'll say, that are under the command
of the Mind Flayer, right?
We'll say Demogorgons and Demodogs and everything else.
All you need to know is these are basic attackers that are predatory.
And so they essentially will smell blood or some presence of something and they will attack it.
So in this use case, those are hackers or hacker activists that are then going through
something like the Mothergate.
And earlier, Rebecca, you spoke on environments that are air-gapped, and that's why sitting
down with the team is so important, because they may say that they're air-gapped, but as
you do a bit of objection handling and you're sitting down with the teams and you're mapping
out network architectures, lo and behold, there may actually be an open pivot point to that
IT device that they can use as a segue.
So maybe those vulnerable devices, those are the blood that the Demogorgons smell and they're
going out to attack, right?
And maybe in the event that those, they actually are exploited, those vulnerabilities,
and we can relate this to an attack that's happened over the last couple of years that's still ongoing,
once the device is actually exploited, it then becomes a pivot point for all those other devices
that will shut down the power grid, that'll turn off the baggage handling system of the aviation system.
A pharmaceutical company, it changes the chemical composition of what that medication looks like.
And we can refer to those, right, the actual devices that are being compromised, as something like the Flayed, right, where they're essentially being taken over to then gather other people and bring them into the army all through that one telepathic link.
So it is pretty scary out there, but we advise everybody to first get monitoring and see what's out there.
Then you have to have vulnerability management to know which devices can be exploited,
then you have to have threat detection, and then ultimately, it's an ongoing iterative process
to keep growing that environment and understanding things. And it also goes back to teamwork,
right, looking at all your other security tools, i.e. the rest of your team that are fighting
everything in the upside down world and then joining together. Yeah. And it's interesting because
what you're talking about, what you're describing here is a massive escalation over the last
three years, as you've said.
And, you know, I hate using this buzz.
Well, we talk a lot about it on our other podcast, but AI has expanded and sped up the Mind
Flayer ability of the team of bad actors to really put a lot of the emphasis on the
speed, and the time to hack or time to threat is very, very quick now.
And so it's interesting how we look, as we look forward to 2026, how it's interesting, how
I think what you've laid out to the strategy of what you need to think about from a base level
perspective and then sort of add the layers on. We know that AI is massively creating a new
dynamic for people to think about. And it is sort of sentient sort of scariness in that they're
starting to evolve and learn from hacks that they've tested in other environments particularly
and then adapt that to another, you know, whether it's an airport or a water treatment plant. We know
that learnt behaviour has allowed people to expand their attack surface. So how do organisations then
sort of, you know, we don't want to scare them and suggest that Vecna is sitting watching them,
but there is a sort of a more serious point in that we know that this is evolving threat
landscape is creating massive amounts of change for organisations. So how do you think the first
step is in trying to solve that next year? What do you think they should be doing as they look
at that expanding attack surface with AI particularly in mind.
Yeah, spot on. And I mean,
you said it best, right? We're seeing a lot of these exploits and attackers and red teamers and
penetration testers and everybody else, right? Unfortunately, more so on the adversarial side of the
house for malicious intent, but you're right. And you can think about this, again, going back to
stranger things, of having the upside down world of being the big and scary and the attackers and the
right side up being just the normal water utility or electric utility out there. So the real
world where all they care about right now is they want to make sure that the plant or the
treatment facility is up and running and it's doing the job that performs. It's like living
in the real world, right? But on the other side of things, in the upside down world, they have
one intent and they have one mission. And that's all they're focusing their time on. So two
different worlds. So now we look at the right side up, not just making sure that everything is
operationally up and running in a safe and secure manner. But now you have to incorporate
cybersecurity and you have to get ahead of things like AI and automated offensive abilities, right?
So the way that you mitigate that is you have to be very tailored and it's not lost on us that
there's only a finite amount of resources per team. And for example, the last thing that you want
to do is you don't want to get a tool that's giving you four million alerts every single day
and then your team doesn't even know how to tailor it down because there's alert fatigue. So it's
understanding of those devices that are vulnerable out there, it doesn't necessarily mean that
every single device needs to be patched or needs that sort of upgrade for whatever it might be.
If you have the proper segmentation in place with physical or logical segmentation and
micro segmentation, the risk inherently will lower, right?
So with that being said, it would almost be like instead of those four million alerts,
you then would understand that of those four million alerts,
maybe there's a million devices, and of the million devices,
because you have proper segmentation,
maybe only 10% or 5% of those can actually be exploited.
And in our terms that we refer to as attack path mapping,
so not just getting alerts,
but understanding of those devices,
how an attacker from the upside down world would come in
and they would actually get to that end device
and hop from A to B to C
and then exploit it, and they continue to build out their army and continue to build power,
right?
So there's a couple of mechanisms for that.
So integrating all of your tools, understanding what your attack landscape looks like,
and then having something like an attack path map so that you know you're getting all
of these alerts, but the real things to focus on so we can prevent any other rifts from
opening.
Yeah.
And it's funny because one of the big premises of Stranger Things is, of course, awareness and
power.
Yeah.
And having that control and how you manage control.
And I'm, you know, excited to see Eleven and Dustin and the rest of the crew and how they tackle the coming together of the two worlds.
But it's funny because in cybersecurity, we talk a lot about awareness being the key power.
But of course, it's the one thing that slips through a lot of organizations' fingers because it's ever changing.
One minute you think, you know, you've got everything sorted.
You know where everything is.
You can see everything.
You know what your attack surface looks like.
But of course, guest access, the supply chain, anything that's coming in and out on a daily basis changes the game.
So awareness and control is a complete illusion.
So how do you then get into that proactive defense mode when actually a lot of organizations are still having to react to everything on a daily basis?
Yeah, yeah.
And I think a lot of it comes down to information sharing, collaboration, teamwork, private, public partnerships.
And the reason for that is because, to your point, we don't want to be reactionary.
A lot of times, you look at recent attacks over the last couple of years, typically an adversary will sit in an environment for months before they actually exploit those end devices or they execute a kill chain.
And at that point, it's probably too late, right?
They know everything about living off the land.
So it's coordinating with people and finding a trusted advisor to help you.
And you look at the team and stranger things, right?
Without each other, they would crumble.
It really is a powerhouse team.
And the way I like to look at it is they all bring something to the table,
whether it's a scientist or it's the loyalty of a team,
or maybe it's even something like we'll consider Armis the Eleven, right?
We're closing the rift and the team uses us as the tool to go forward.
So we will be the aggregation of all the other security tools,
everybody else on the team.
And then acting as Eleven, we will use
that power to go close the rift.
So, and that's where we come from.
So now instead of having somebody living off the land for six months or seven months,
we will identify anomalies or rogue devices or dual-homed assets or somebody coming in
when they shouldn't or PLC switching modes.
And then that's because we're using the team as the one point of truth.
And then as Eleven, we can then talk to the rest of the team and close it together.
Yeah.
And I love this analogy of like teamwork because I think that,
For those of us who have been working in cybersecurity for so long,
it does feel like the community tries to bandy together.
You know, we do not point fingers when other people have been, you know, hit.
We are in the trenches together trying to defend the nation
and defend the countries that, you know, our customers are based in.
It's interesting as we, as I look back for last year, this year and look forward,
I do genuinely feel and why I'm so sort of passionate about this subject is how mainstream
cyber security issues are now. We talk a lot in, you know, our little bubble of cybersecurity
professionals of like what the problems are. But this year feels like it is in every conversation,
my grandmother, my parents, my friends, my family, people that are not remotely in the
cybersecurity world, but they know the impact now. This is not a hidden technology, IT
societies, IT department sort of element of discussion. It is mainstream life.
everybody has probably been affected by something in the last couple of years, whether that's, you know, the democracy at threat that happened last year in Britain.
The UK this year has been inundated with threats across retail, you know, big manufacturers, car manufacturers, financial institutions.
It really does feel like we have been inundated this year in problematic attacks.
And it's had a huge detrimental effect on the economy.
It's had a detrimental effect on the people working at those organizations, not just in cyber, but the actual staff.
And I worry next year that this potentially gets even more critical.
You mentioned right at the beginning of our discussion, a water treatment plant, we know some horror stories that have happened there.
We talk about medical issues, you know, cutting edge, life-threatening issues that have been created or have been affected by cyber security threats or disruption.
If we look into next year, what are the things that you would put out there about, you know,
positive intent that the community and the wider society need to be aware of as we think about
cybersecurity issues for 2026?
Yeah. And I'll start off by saying, I'm scared too, Rebecca.
Never in my life did I think that I'd be sitting around at Thanksgiving dinner and my grandma
would bring up cyber attacks. So that, it's crazy. I mean, and not even in critical infrastructure, right?
I mean, that's what I'm very passionate about.
I think you are too.
But even looking at things like deep fakes and using AI to replicate audio and visuals
and now impersonating people where not just from a technological standpoint,
but even things like social engineering being expedited through AI.
So it is terrifying.
And I think next year, the way that we get ahead of this is it really is going out
and interacting with the ecosystem and our partners.
and getting involved,
to give you an idea here at Armis,
we're heavily involved with things
like building out OT Zero Trust framework
and providing comments.
There's something called the OT Cyber Coalition
that does amazing work on the Hill
that we're very involved with.
And shout out to them,
they're doing a great job too.
So, and information sharing with things like ISACs,
Information Sharing and Analysis Centers,
where we're now using the information that we have,
not only just as an OEM and as Armis,
but sharing it across the entire ecosystem so we can succeed together.
So that way, in the event that there is a zero day,
you don't have to wait weeks or months to understand that if you've been attacked,
but you can get immediate results.
And then pulling something in,
there's a bunch of great partners out there too
that have things like incident response retainers.
So in the event that there is some sort of attack or incident that occurs,
even if you don't have the manpower to support that sort of incident response,
you have a team that's backing you.
So you have something from a technological standpoint that's backing you
and what's been identified in those attacks and fingerprints
and any sort of hash that's matching or indicators of compromise.
But you also have a team that can go out there and visit you.
They can help you walk through that response.
They have maybe something like a flyaway kit to do assessments,
understand what's been attacked and triage it and everything else.
So really, to answer your question in short,
it goes back to those partnerships
and building a powerhouse team that regardless of where that rift opens up or how the story
changes or maybe things that you didn't expect to happen in the first place,
you can stay agile and be proactive and use AI to your advantage, right?
Use it to augment your team and not from a noise standpoint of being even more alerted
and having the noise fatigue in front of you,
but use it to do things like educate your teams on critical infrastructure,
educate them on how to use specific tools, right?
I mean, even us at Armis, we have a data lake of 6.5 billion devices that we're constantly
fingerprinting.
You can use AI to essentially look at that database to see which devices are end of life
and end of sale and can be exploited.
And you could use it for a variety of other things, right?
Like enrich your sock, educate your team members.
Come to workshops that we roll out to everybody else.
Go to conferences that are talking about cutting edge technologies and
problems, and really just get involved, every person in this community. And you and I both, Rebecca, we're
very passionate about this because at the end of the day it's about protecting society, right? We're all in it
together.
It is, and I love that. I mean, we should end there really, because that is the end game at
the end of the day, and what a lot of us get up in the morning and work as hard as we do for.
we are actually at the very very cutting edge of technology and the impact it has on day to day
lives. And I don't want everyone to be scared, but we, we do see a lot of change. And I think
going into next year, we need to be acutely aware of what could potentially happen. Awareness,
knowledge is power. And just being aware of those things and being proactive and not sitting
back and sort of waiting for things to happen is going to be crucial. I look forward to the rest of
this series, because we're going to be talking to Michael Freeman, who's head of our Armis threat
intelligence team, Nadir Izrael, our co-founder and CTO, and then, of course, Curtis Simpson,
our CISO.
We're going to have lots and lots of discussions about what else could be happening.
But I'm going to end on our favorite subject, of course.
Stranger Things is three weeks away.
A little bit of prediction.
You don't know how it's going to set itself up for the final series.
What do you hope to see?
Yeah, to be honest, I feel like the ending was already pretty emotional for me.
Before this pot, I mean, I literally sat there for about four minutes afterwards, just digesting everything.
So I don't know if it's going to have to be a grand finale of the two worlds finally colliding in the upside down world, now essentially projecting itself into the right side up.
But I don't know, especially with things like the particles and matter in the air, does that mean that more people are going to join the army?
What does that mean for Eleven not being blind?
There's just so many things that are coming up that I couldn't tell you.
I think the show does a great job of keeping us on our toes.
And trust me, I'm on my toes right now, Rebecca.
I'm just playing all the music.
Like, I'm an 80s kid.
I'm just playing the music, getting ready for it.
But, you know, I'm a sucker for a happy ending.
I really hope that, you know, in a bit like the cyber world,
we will defeat the baddies.
And that's how it will play out in the show as well as in real life.
Kam, thank you so much for joining me for the first episode.
I'm really excited.
We're going to get your views later on in the series as to how it's all mapped out in the actual program,
but also how we go into 2026.
So for now, thank you so much.
And for the rest of our audience and listeners, please tune in for the next episode
where we talk even more about some of the threats exposed by the upside down.
Till then, bye.
Thank you.
