Inside Cyber Incident Response: Military Lessons, OT Challenges & the Power of Blameless Culture

Cyber incidents don’t just test your technology - they test your people, your processes, and your culture.

In this episode of Protect It All, host Aaron Crow sits down with Daniel Swann, Cyber Incident Commander at Rockwell Automation, to pull back the curtain on what really happens during IT and OT incidents. With decades of experience across the U.S. Air Force, enterprise environments, and industrial operations, Daniel shares lessons learned the hard way - from managing chaos in real time to building a culture where teams can learn without blame.

You’ll learn:

• Why documentation and scribe roles can make or break an incident response
• How blameless postmortems actually strengthen team performance
• What military-style discipline can teach us about OT and IT incident handling
• How to run effective tabletop exercises that expose real gaps
• The human factors - communication, clarity, ownership - that reduce downtime and panic
• Practical strategies to evolve your incident response plan before the next breach
  
  

Whether you’re developing your first IR playbook or leading seasoned response teams, this episode delivers actionable, real-world insights that help you prepare, respond, and recover with confidence.

Tune in for battle-tested wisdom from military operations to industrial control rooms - only on Protect It All.

Key Moments: 

00:00 "Protect IT/OT Cybersecurity Podcast"

03:30 Cybersecurity: Versatility Is Key

07:52 "Balancing Bureaucracy and Flexibility"

10:20 "Practice Makes Plans Effective"

14:17 "Learning While Doing"

18:44 "Document Key Info in Incidents"

19:46 "Versatile Team Role Importance"

22:45 "Tracking Lessons with Visibility"

28:34 Proactive Reporting Encouraged

29:33 Safe Reporting Prevents Phishing Incidents

32:52 "Bridging IT and OT Safely"

37:15 Team Collaboration Enhances Outcomes

41:00 Military Preparedness and Logistics Planning

42:59 Preparing for Unlikely Scenarios

47:20 AI Threats to OT Systems

48:32 "AI's Impact on Learning and Jobs"

About the guest: 

Daniel Swann is a seasoned Cyber Incident Commander at Rockwell Automation, bringing 17+ years of IT leadership and nearly a decade of cybersecurity experience. A U.S. Air Force veteran, he has led global cyber operations, responded to major vulnerabilities like Log4J, and driven large-scale improvements in incident response and vulnerability management. Daniel is highly certified, mission-driven, and recognized for building strong, resilient security teams.

Links : 

Video of Daniel Swann with Kate Vajda, Director of Vulnerability Research and Malware Threat Research, Dragos : https://www.youtube.com/watch?v=4zotgrPk8vI

Connect with Daniel on LinkedIn : https://www.linkedin.com/in/j-daniel-swann/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4