Data Security in Critical Infrastructure - Arturo Santos - Guardians of the Data - Episode #27
What happens when the systems that move people and power our world aren’t secure?
In this episode of Guardians of the Data, host Ward Balcerzak sits down with Arturo Santos, Director of Cybersecurity Architecture at Amtrak, to explore the growing risks facing operational technology (OT), the realities of protecting critical infrastructure, and why data governance, AI, and industry collaboration are no longer optional.
In this episode of Guardians of the Data, host Ward Balcerzak sits down with Arturo Santos, Director of Cybersecurity Architecture at Amtrak, to explore the growing risks facing operational technology (OT), the realities of protecting critical infrastructure, and why data governance, AI, and industry collaboration are no longer optional.
With more than 30 years of experience in IT and cybersecurity, Arturo shares real-world insights from the rail industry, discusses why legacy data retention practices are putting organizations at risk, and explains how modern cyber-physical systems are reshaping security priorities across transportation, energy, and other critical sectors.
Takeaways:
- Implement Strict Data Retention Policies: Organizations must establish clear guidelines for data retention and storage. Develop retention schedules based on legal requirements, business needs, and industry best practices, then enforce them rigorously.
- Treat Employee Data with Equal Priority as Customer Data: Many organizations focus heavily on protecting customer information while overlooking employee data. Your employees deserve the same level of protection you provide to your customers.
- Adopt a Data Custodianship Mindset: Shift how your organization thinks about personal information. Always remember that the data belongs to the individual, and your organization is merely a temporary steward.
- Monitor Threats Across Your Entire Supply Chain: Your organization doesn't operate in a vacuum. Stay informed about security incidents, vulnerabilities, and attack patterns across your industry and related sectors.
- Engage with Industry Standards Development: Participate in the creation and refinement of security standards for your sector. Your expertise and real-world experience can help shape standards that are both effective and practical.
- Leverage Collaborative Threat Intelligence Sharing: A collaborative approach provides visibility into threats you might never see coming from your own network alone. The key is moving from isolated security operations to participating in a broader intelligence ecosystem.
Quote of the Show:
- “ I started working in cybersecurity because I am passionate about protecting my data. I see it as a consumer .” - Arturo Santos
Links:
- LinkedIn: https://www.linkedin.com/in/-arturo-santos/
- Website: https://www.amtrak.com/home
Ways to Tune In:
- Transistor: https://guardiansofthedata.show/
- Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
- Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
- Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
- iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
- YouTube: https://www.youtube.com/@GuardiansoftheDataPod
Creators and Guests
