Schedule Your Free Security Assessment

Guest: Tory Bjorklund - Manufacturing consultant with 37+ years experience, author of upcoming "Digital Transformation Guidebook"

Key Topics Discussed

Digital Transformation in Manufacturing

  • Definition: Transformative technology that changes how businesses operate, serve customers, or interact with vendors
  • Failure Rates: 70-95% of digital transformation initiatives fail depending on how success is measured
  • Examples: Adding e-commerce capabilities to traditional B2B manufacturers, factory automation, transitioning family businesses to third-generation leadership

Security as an Afterthought

Common Problems:

  • ERP implementations going live with all users having system administrator rights due to rushed timelines
  • Manufacturing equipment bypassing IT security with direct wireless connections for "easier support"
  • Third-party technicians gaining unrestricted access to production systems without proper controls

Real-World Example: Tory shared how his previous company provided direct remote access to manufacturing equipment, bypassing customer firewalls and security controls entirely - convenient for support but creating massive security vulnerabilities.

Legacy System Challenges

Typical Scenarios:

  • Windows XP machines running critical software from the 1990s
  • Homegrown systems on unsupported platforms that can't be easily replaced
  • Equipment that costs $10,000+ to replace but poses security risks

Risk Management Approach:

  • Assess true business necessity
  • Evaluate replacement options
  • Implement network segmentation when replacement isn't feasible
  • Ensure single-purpose use (no web browsing, email, etc.)

Network Segmentation Best Practices

Segmentation Strategy:

  • Separate operational technology (factory floor) from information technology (office)
  • Implement micro-segmentation within operational networks
  • Provide employee-only Wi-Fi for personal internet access
  • Control inter-network communication through firewalls and routing policies

Benefits:

  • Prevents malware spread between network segments
  • Limits blast radius of security incidents
  • Allows different security policies for different business functions

Schedule Your Free Security Assessment

Business Continuity Success Story

Tory highlighted a 50-person, $50M manufacturing company with exceptional preparation:

  • Key Elements: Clear understanding of downtime costs per department/function, multiple backup strategies (local snapshots + daily backups), external change management system for engineering files
  • Results: When hit by malware, recovered in 2-3 hours with minimal data loss
  • Critical Factor: CFO involvement in quantifying hourly costs of downtime for each business area

AI and Data Standardization Challenges

Real-World AI Experience: Tory attempted to use AI for financial reconciliation across multiple P&L statements and discovered significant limitations:

  • AI struggled with basic spreadsheet concepts (columns vs. tables)
  • Couldn't distinguish between similar terminology (net revenue vs. net income)
  • Required extensive retraining when session limits were reached
  • Called AI "the smartest two-year-old I've ever seen"

Data Preparation Requirements:

  • Implement canonical schema for data standardization
  • Use data warehouses/lakes for transformation
  • Configure IoT devices with standardized output formats
  • Expect significant upfront work before AI can provide value

Compliance and Authority

  • Compliance requirements provide consultants with authority they otherwise lack
  • Standards like CIS controls offer frameworks, though interpretations vary
  • Insurance requirements can motivate security investments
  • Most businesses lack formal business continuity documentation

Key Takeaways and Recommendations

For Business Owners:

  • Quantify Downtime Costs: Work with your CFO to calculate hourly losses for each business function
  • Plan Before Implementation: Don't treat security as an afterthought in technology projects
  • Invest in Proper Planning: Business continuity planning can save millions in recovery costs
  • Consider Specialists: For major transformations, hire industry-specific experts rather than generalists

For IT Professionals:

  • Network Segmentation: Implement proper network segmentation as a fundamental security control
  • Legacy System Management: Focus on risk mitigation rather than immediate replacement when dealing with critical legacy systems
  • Data Preparation: Invest in data standardization before attempting AI implementations
  • Leverage Standards: Use established frameworks (CIS, NIST) to provide authority for security recommendations

Security Implementation Priorities:

  • Asset inventory and criticality assessment
  • Network segmentation implementation
  • Access control and privilege management
  • Backup and recovery testing
  • Incident response planning

Contact Information

  • Tory Bjorklund: VictoriaFied.com or ToryBjorklund.com
  • Upcoming Book: "Digital Transformation Guidebook" (Q1 release)
  • Specialization: Manufacturing and distribution digital transformation, ERP implementations, manufacturing execution systems

The episode emphasized that while technology solutions are important, the human elements of planning, risk assessment, and organizational preparation are often more critical to success than the technical implementations themselves.

Schedule Your Free Security Assessment