Piqued Solutions founders Leah and Jeremy Dodson explain why industrial cybersecurity isn’t just an IT problem and how manufacturers can protect critical operations by focusing on layered defenses, smarter use of AI and a culture that empowers innovation rather than stifling it.
Operational technology (OT) security isn’t just information technology (IT) with different acronyms — it’s a different battlefield with higher stakes. That was the throughline of a recent Ctrl+Alt+Mfg conversation with Leah and Jeremy Dodson, co-founders of Piqued Solutions, who argue that manufacturers must recalibrate from fortress thinking to layered resilience. The work begins with unglamorous hygiene and ends with a culture that enables, not obstructs, innovation.
Turning technical insight into business action
Leah’s career began not in code but in communication. As a technical writer, she translated penetration-test reports into language executives could act on, revealing a persistent gap between IT experts and business leaders. The challenge, she said, is turning compliance-driven security requirements into operational strategy.
“It’s not about doing something just because the regulation says so,” she explained. “It’s about understanding how that decision protects the business.”
Jeremy, who spent two decades in military and private-sector cybersecurity roles, approaches the issue from the other side of the keyboard. As a red-team specialist, he’s seen how easy it can be to exploit the same weak points defenders overlook. For him, the goal isn’t just proving that he can break in. It’s showing companies why that matters. When security teams can connect vulnerabilities to production downtime or safety risks, he said, “that’s when people start paying attention.”
Fixing the basics
Both Dodsons said the most serious vulnerabilities are often the simplest. Default passwords, weak access controls and outdated systems still plague factory networks. Jeremy compared attackers to water: They’ll always find the easiest path. Changing default credentials before devices go online, keeping patches current and verifying access processes are basic steps, but they’re often skipped.
Leah added that such low-profile fixes rarely get executive attention because they don’t make flashy metrics.
“You can’t show a chart that says, ‘We changed every password,’” she noted, “but those quiet improvements prevent the loudest disasters.”
The end of the “air gap”
Manufacturers have long relied on the comforting notion that their OT systems are sealed off from the internet. But according to the Dodsons, true isolation is rare. During the pandemic, many organizations installed remote-access tools to let outside experts connect to equipment. Those “temporary” workarounds often became permanent, creating invisible bridges between secure and insecure networks.
Rather than doubling down on isolation, Jeremy recommends layering defenses. He calls this the “gobstopper model,” after the popular candy. Each layer should assume the one before it might fail.
“Too many organizations think they have a hard candy shell,” he said. “Once you’re through, there’s nothing inside. You need a gobstopper — layer after layer of detection and containment so even if someone breaks in, they can’t reach what matters.”
Protecting data, not just access
The Dodsons emphasize that no network is perfectly secure, and defenders shouldn’t expect to win every battle. Instead, they should plan for controlled failure. Jeremy’s philosophy is simple: Focus on protecting data rather than just keeping attackers out. If intruders can’t access or exfiltrate valuable information, and if backups are clean and immutable, the impact of a breach is limited.
Leah extends that mindset to employee behavior. She argues that expecting every worker to be a cybersecurity expert is unrealistic. Training helps, but systems must be designed to tolerate human error.
“People make mistakes,” she said. “A resilient system assumes that and prevents one click from bringing down production.”
The couple also champions “deception technologies” such as honeypots and honeynets. These are controlled environments that attract attackers and expose their tactics. When defenders share what they learn, everyone benefits.
AI’s promise and pitfalls
Artificial intelligence has become an increasingly valuable tool for OT security. Jeremy highlighted its ability to establish baselines of normal activity and quickly flag anomalies, which humans can struggle to do at scale.
“AI can recognize when a system behaves differently before anyone else notices,” he said.
Still, both Dodsons caution against blind trust. AI models can be fooled or misused, and overreliance can erode human judgment. Leah pointed out that banning AI altogether is equally risky, since employees will inevitably turn to personal tools. The solution, she said, is governance. Companies need clear policies that allow AI to enhance productivity without exposing sensitive data.
Culture as the ultimate control layer
Technology alone can’t secure a factory. Leah said sustainable protection comes from culture. Manufacturers need to empower workers at every level to notice and question anomalies.
“Build cybersecurity champions on the plant floor,” she said. “The people who see something odd — an open port, an unfamiliar badge — are your first line of defense.”
Jeremy agreed, arguing that security teams should be partners in progress, not obstacles. Too often, he said, cybersecurity is viewed as the department of “no.” The goal should be enabling innovation safely.
“If your company wants to move fast,” he said, “help them do it without creating risk.”
He learned that lesson firsthand when he once resisted cloud adoption. Leah urged him to rethink that stance. “Instead of telling them not to go to the cloud,” she told him, “teach them how to go safely.” Today, they apply the same approach to AI and automation.
Security as a driver of innovation
In manufacturing, uptime and safety are non-negotiable. The Dodsons argue that cybersecurity should be treated the same way and be built into processes, not bolted on afterward. Fix the basics, abandon the air-gap myth, protect what matters most and encourage teams to adapt safely to new technology.
As Jeremy put it, the future of cybersecurity isn’t about stopping progress. It’s about steering it.
“Security shouldn’t be the brake,” he said. “It should be the steering wheel.”
The Ctrl+Alt+Mfg podcast
Make sure to check out the first few episodes of the Ctrl+Alt+Mfg podcast, where hosts Gary Cohen and Stephanie Neil discuss insights from WTWH Media’s State of Industrial Automation Report – Spring 2025 and how to create clean, connected and trusted data.
