Crossing the Valley

Crossing the Valley

Crossing the Valley
Crossing the Valley
Ep. 46: Meet the Tech Heretic Foiling China's Attempts to Take Over the Grid
0:00
-36:48

Ep. 46: Meet the Tech Heretic Foiling China's Attempts to Take Over the Grid

Joshua Steinman, CEO and Co-founder of Galvanick (and former Sr Director at the NSC) joins us to talk about (perhaps?) the most pressing threat we face
Noah Sheinbaum's avatar
Noah Sheinbaum
Jun 04, 2025
Share
Transcript

Defending the Soft Underbelly of America’s Industrial Power

About Josh

Joshua Steinman brings a unique combination of operational military experience, senior policy leadership, and entrepreneurial drive to the challenge of securing America's industrial infrastructure. A retired naval officer, Josh was one of the original "10 heretics" tasked by the Chief of Naval Operations to find asymmetric opportunities for the Navy - an effort that helped catalyze today's defense tech ecosystem.

During the first Trump administration, Steinman served as Senior Director for Cybersecurity on the National Security Council staff, where he was responsible for all cyber, telecom, crypto, and supply chain policy. This role gave him intimate knowledge of the vulnerabilities in America's critical infrastructure and the sophisticated threats targeting these systems.

After leaving government service, Josh co-founded Galvanick with Brandon Park (former Amazon global OT cybersecurity lead) and Feliks Pleszczynski (hedge fund trader). The team brings together expertise from military operations, large-scale industrial cybersecurity, and zero-failure financial environments.

About Galvanick

Founded just over three years ago, Galvanick focuses on securing operational technology (OT) - the industrial control systems that manage physical processes in manufacturing facilities, power plants, and other critical infrastructure. Unlike traditional IT cybersecurity, OT security requires deep understanding of industrial processes and the unique constraints of manufacturing environments.

The company has developed a platform that provides real-time visibility and automated threat detection for industrial control systems. Rather than requiring defenders to manually correlate data across multiple systems - a process that can take hours, days, or weeks - Galvanick automatically generates comprehensive investigations in real-time.

With a lean team of 14 people, Galvanick already protects manufacturing facilities for some of the world's largest companies. Their platform can be deployed in as little as 2.5 hours and operates with the passive monitoring approach required in zero-failure industrial environments.

The company represents a commercial-first approach to a fundamentally dual-use problem. While their current customers are primarily large manufacturers, the same vulnerabilities exist across defense industrial base companies and military installations.

Key Takeaways

  1. Expanding the Definition of Defense Industrial Base: Josh argues that the defense industrial base extends far beyond traditional weapons manufacturers to include all companies that touch the infrastructure supporting military operations. "A defense industrial base doesn't actually exist unless it is secure or protected from cyber threats. Because a compromised facility that is exposed to sabotage, digital sabotage... will not function at the exact moment where they must." This perspective recognizes that in modern conflict, the ability to project force depends entirely on the security of the broader industrial ecosystem.

  2. Commercial-First Strategy in a Dual-Use Market: Despite his deep government background, Josh chose a commercial-first go-to-market strategy. "I felt more comfortable, my co-founders felt more comfortable starting with the private sector. We thought we would just have tighter feedback loops." This approach allows faster iteration toward product-market fit while building a proven solution that can later transition to government customers. The split between users and buyers in government markets makes early-stage product development more challenging.

  3. Zero-Failure Culture as Competitive Advantage: Given that Galvanick protects "manufacturing facilities that build products that people trust with their lives on a daily basis," the company has built a culture around zero-failure operations. Every hire is treated as "basically betting the company," and Steinman personally takes candidates for walks to ensure they understand the weight of responsibility. "You need to make a decision inside your soul. Like, am I literally up for this? Because no one's going to do this stuff if you don't." This culture translates directly into customer confidence and the ability to deploy in mission-critical environments.

  4. Automation as Workforce Force Multiplier: With fewer than 10,000 Americans conversant in operational technology cybersecurity, and their current jobs being "incredibly monotonous," Galvanick addresses both a capability and human capital challenge. By automating investigations that previously required manual data correlation across multiple systems, they transform the defender role from "searching for the needle in the needle stack" to strategic response and analysis. This approach makes OT cybersecurity roles more engaging while dramatically improving effectiveness.

  5. Real-Time Visibility Enables Proactive Defense: Traditional OT security operates on long time horizons with limited visibility into industrial networks. Galvanick's platform provides granular, real-time monitoring that reveals activities previously invisible to defenders. When asked about defending against a Stuxnet-style attack, Steinman was confident: "Data moving around that network introduced by an outside party is something that we absolutely would detect." This visibility enables proactive defense rather than reactive damage assessment.

The Galvanick case illustrates how founders with deep domain expertise can identify critical vulnerabilities that broader markets have yet to fully appreciate. Josh’s background enabled him to understand both the technical challenge and the strategic implications of OT cybersecurity failures.

Most importantly, Galvanick demonstrates how the traditional boundaries between commercial and defense markets are breaking down. As Steinman noted when describing potential Taiwan conflict scenarios, modern warfare begins with infrastructure disruption, not kinetic strikes. Companies like Galvanick that secure the industrial foundation of American economic and military power are therefore inherently dual-use, regardless of their initial customer focus.

The company's approach - building proven commercial solutions that can transition to government markets - is an intriguing model for addressing dual-use challenges where government requirements are still evolving but commercial demand provides a path to product-market fit and financial sustainability.

For more on Josh: X | LinkedIn

For more on Galvanick: https://www.galvanick.com/

Discussion about this episode

© 2025 Noah Sheinbaum
PrivacyTermsCollection notice
Start writingGet the app
Substack is the home for great culture