John Opala, VP IT and Global CISO at HanesBrands Inc., joins Mac Grant, Vice President of U.S. Sales at ColorTokens, to discuss the challenges of securing complex IT and OT environments across global manufacturing operations.
John explains why traditional network architectures often leave organizations exposed to lateral movement and larger blast radius during an attack. He shares how segmentation helps reduce that risk by improving visibility, containing threats, and supporting breach readiness across both IT and OT environments.
The conversation also covers the realities of securing acquired environments, where inconsistent technologies, limited budgets, and fragmented visibility can make resilience harder to achieve. John discusses the value of a unified platform that helps SOC teams support distributed environments without adding operational complexity.
He also highlights why OT security is not only about cyber risk. In manufacturing environments, availability, safety, and productivity are closely connected. The discussion explores how microsegmentation can help protect critical operations, reduce disruption, and support frontline workers without slowing the business down.
The interview closes with a look at AI-driven threats and the increasing speed of attacks. It also explores the future of segmentation and how it can help organizations strengthen cyber resilience across manufacturing, healthcare, apparel, and other operational environments.
John Opala: Good morning. How are you doing today?
Mac Grant: I’m fantastic. Yeah, thanks for being with us. And thank you for being a customer of ours here at Color Tokens and and it’s an exciting RSA conference, a lot of crazy things going on in the industry, so I’m interested to talk with you about that.
Mac Grant: But before we get into that for the viewers, why don’t you tell us a little bit about yourself and your role? And and then we can go from there.
John Opala: Thank you. It’s wonderful and thank you for the invite to RSA. I think there’s a lot of good things happening here. I’ve been in the industry for over 20 years.
John Opala: Led large network architecture implementations. Did solution architecting, principal architecting, spent a couple years, maybe 10, 12 years at Cisco before moving out to pursuing C Rolls. In my experience, I think the biggest challenge we have. These. So the current network infrastructures were de designed with the 1990s mentality that makes it much more vulnerable to exploit an lateral movement.
John Opala: So as we go through the conversation, that’s my main area of interest. How do I limit the blast radius and lateral movement of the attack and the environment?
Mac Grant: Ah,
John Opala: our car tokens As a cu as a customer, I think the ease of deployment to the technology the ease of use and ease of support. Was one of the things that made our architectures in my organizations more gravitated towards scholar tokens as opposed to other partners out there.
Mac Grant: Wow. Okay. Thank you for saying that. We’re happy to have you as a customer. I know you’ve had quite the journey with us for a few years you’ve been with us. What would you say in terms of value that’s been delivered through the solution? Has it delivered what you’d expect it to deliver?
Mac Grant: Has it kinda, has it given you some confidence in working with with regulators or, other governing bodies or executives?
John Opala: I think the partnership is is always good to highlight that the partnership and the color token’s willingness to work with us was a big deal in terms of value delivery.
John Opala: I think the EO deployment within our data centers, we are leveraging very highly in our data centers application to server segmentation, up to user segmentation. I think we were able to respond and remediate some of the things which were, could have been very detrimental to our environment. So I think we received value also, the breach assessment where you could do an analysis and report back to us in the OT environment.
John Opala: Which was the next phase we were looking at moving forward was compared to none. You’re able to identify risks, quantify risks, and we are able to leverage that report to communicate what we are seeing as a bigger issue to the larger executive leadership.
Mac Grant: Ah, okay. Got it. So it sounds like you, you leveraged that report to be able to make, do a business justification for why you wanted to.
Mac Grant: Expand out of not just the IT environment, but into the OT environment.
John Opala: Yes.
Mac Grant: On a single platform. I mentioned a single platform. That’s a bit of a marketing phrase I suppose, but but I, to me, what it represents, and I’d love to get your thoughts on this is how valuable is it to you to be able to have that single pane of glass visibility across your IT and OT assets in terms of, lateral movement and whether you can put an agent on it or not, whether you need to put an agent on or not, whether it is a, whether it’s a device in a manufacturing facility or a system or a server or whatever,
John Opala: it’s big in the terms of training the support team. So if you think of it, OT networks in manufacturing spaces are segmented or disjointed from the rest of the networks.
John Opala: Many manufacturing companies grow through acquisitions, so you have. Industries in Asia, in Europe, in Australia, Asia, China, Africa, that may not have the same standardized technology as the headquarters in the us, right? Yeah. So you inherit this and sometimes there isn’t enough immediate budget to retrofit technology to most of these places.
John Opala: So therefore, if you are having to rely on 10, 20 different platforms, number one is cost prohibitive. Number two, you have to train your SOC to support multiple things. And number three, there’s a gap in visibility. I think the key thing in ot, as you move from IT to ot, and this is true of it as well, that visibility alone is not enough.
Mac Grant: Wow. Yeah. Having data sources, having log through review in your sim is good, but it tells you what has already happened. What we are looking for, if we could have a predictive analysis. That we would almost forte, we think given the current events we are seeing, there’s gonna be a potential for this failure, for this bridge, for this exploit.
John Opala: Then we can plan accordingly within the conference or one platform that’s huge in the industry.
Mac Grant: Gotcha. Gotcha. So I, boy, I heard a lot in there. So one of the big themes you mentioned was, alright, being able to look at historical data and traffic that’s occurred and use that to inform what your policy decisions are going forward.
John Opala: Yeah.
Mac Grant: But I also heard a bit of a cost saving story in there. Just, or maybe cost containment is the right, yeah. Is the right phrase in terms of when you go into one of these acquired entities, it’s a challenge to be able to, you can’t always afford to just buy a bunch of brand new gear. Yeah. So the ability of our solution to be able to go into that environment as it is and create value, give you the visibility and some ability to control traffic as it exists today without making major changes
John Opala: yeah.
Mac Grant: Is valuable.
John Opala: Yeah. So yeah. So architecting, defensible and resilient ot hundred T architecture during mergers and acquisition is well as a challenge because when you purchase an entity, there’s a given driver. The synergies, their core servings and many a times, it and OT becomes the afterthought of that. A Seesaw or a CEO also struggle with how do I use the same budget, the same resources I have to make sure my environment is protected or I’m having a defensive and probably a resilient infrastructure because in the OT space.
John Opala: Availability is king. Availability and life safety, those two constructs are king. You want to make sure you’re able to deliver to produce your widget so you can go to market faster, but you also want to make sure your employees are not putting harm, bodily harm or bodily danger. But the what, one side of the coin that’s missed, that as a breach can lead to two failures at the same time, if an OT environment is compromised.
John Opala: Somebody can speed up. The speed at which these things are running can chop somebody’s hand, remove all the safeguards, somebody could, if you’re working the boilers, you’re making a chemical, somebody can increase the heat of that 10000% and all of a sudden create a bomb out of it. So I think I look at segmentation as a mechanism to contain both cyber risk and human safety risk in the event of an exploit.
Mac Grant: Wow. Yeah. Yeah. Yeah, that’s a good thing to remember for all of us that live in data centers and cloud and, all those cute little places that when we get out into the manufacturing environments, it’s cyber and it’s physical and it’s safety and it’s security and it’s protecting the business. Yes.
Mac Grant: All at the same time. So it’s pretty important. Wow. Okay. Thank you for that. What are your thoughts in terms of are there the future for color tokens and segmentation? Are there things in the future that you. That you’re planning for where this is relevant?
John Opala: Yeah. Yeah.
John Opala: I think that as artificial intelligence, and I think all of us have had this a million times, and some people think it’s VA power, but I think there are some realities we have to contend with. Artificial intelligence has enabled the attackers to be able to have a high velocity of attack that we never seen before.
John Opala: At the defender side, and that’s where sea color token is. We, how would color tokens leverage AI technology to ensure we are able to withstand the verocity of this oncoming onslaught of attacks? Number two, how do we begin to develop policies, standards, processes around this that’s much more faster, seamless.
John Opala: And if you think of things like. Passwordless authentication, which I think is something color tokens is very interested in and I think very known for one of the approaches we’re taking in manufacturing space, having used us to authenticate and rea authenticate is takes away their time to productivity.
John Opala: So therefore, how do we enable your login, your protected, but you don’t need to authenticate. So I think looking at the future of all that in a secure Proctor Square environment. It’s gonna be significant improvement for all manufacturing facilities globally in every industry. Healthcare apparel tire.
John Opala: Doesn’t matter why. It is because there is a need to be enabled employees to work faster, do their things better, but every time the log off, the log of a profile, it stops that process, which was running to stop and then do another one again. But we also don’t want them to be writing their password. And sticking them on the machinery.
John Opala: So when you walk on the floor, password 1, 2, 3, 2, 3, 4, 5. So I think there’s gonna be, I’m looking at opportunity where you can leverage segmentation microsegmentation in the OT environment. Don’t impact OT productivity. Enable the capabilities and enable the frontline employees to do their work without worrying about security.
Mac Grant: Yeah. Yeah. That’s the way you’ve gotta do it. Yeah.
John Opala: That’s
Mac Grant: it. Alright folks. I think that’s time for us. Thank you John. Mr. John Apollo from Haynes Brands. Thank you for your time once again. Appreciate you taking the time out here at RSA. We’re signing off for now and
John Opala: thank
Mac Grant: you. Have a great day.
Mac Grant: Thank
John Opala: you so much. That was very good. Appreciate it.
Mac Grant: It’s pretty much off the cuff. How much time did that, did we use.