10:00 am - 11:00 am
KEYNOTE: Reading the Future with Useful Fiction with P.W. Singer
10:00 am - 11:00 am
Tabletop Exercise - GRIMM and Insane Forensics
11:00 am - 11:30 am
Living off the Land in an ICS/OT Penetration Test
Aaron Boyd is a Senior Industrial Pentester at the industrial cybersecurity company Dragos, Inc., where he focuses on penetration testing and network security assessments.
Prior to joining Dragos, Inc., Aaron was a Lead Security Architect at Honeywell, where he contributed to standardizing and maturing architecture, services, processes, procedures, and policies relating to Information Technology & Operational Technology equipment and applications residing in engineering labs and manufacturing facilities across the enterprise.
Prior to Honeywell, Aaron was the Lead OT/ICS Security Architect at DCP Midstream where he contributed to strategies and roadmaps targeting security risk mitigation as well as the development of overall architecture design and engineering across all security areas. This also included conducting vulnerability assessments and developing exercises to increase the maturity and awareness regarding the security of industrial control systems within the entire organization.
11:30 am - 12:30 pm
Your Infrastructure is Encrypted: Protecting Critical Infrastructure from Ransomware
Jamil Jaffer | @Jamil_n_jaffer
National Security Institute
Jamil currently serves as Founder and Executive Director of the National Security Institute and as an Assistant Professor of Law and Director of the National Security Law & Policy Program at the Antonin Scalia Law School at George Mason University. He also currently serves as Vice President for Strategy, Partnerships & Corporate Development at IronNet Cybersecurity, a startup technology firm founded by former NSA Director Gen. (ret.) Keith B. Alexander. Jamil also serves on the Board of Directors for the Greater Washington Board of Trade, is a member of the Board’s Smart Region Movement Strategic Advisory Counsel, and is a co-chair of the SRM’s Cyber, Data Management, and Privacy Solution Group. Jamil is also an advisor to Beacon Global Strategies, a strategic advisory firm specializing in international policy, defense, cyber, intelligence, and homeland security; 4iQ, a technology startup focused on deep and dark web intelligence and identity theft protection; Duco, a technology platform startup that connects corporations with geopolitical and international business experts; and Amber, a digital authentication and verification startup.
Jennifer DeTrani is General Counsel at Nisos, a managed intelligence company helping enterprises identify adversaries and related threats. At Nisos she is passionate about driving conversations around how companies can use intelligence to drive corporate value and advancing a high-performance culture that is also diverse and inclusive. Prior to Nisos, Jennifer co-founded a secure messaging company focused on data minimization, Wickr, where she served as General Counsel and Chief Privacy Officer.
Over the past two decades, in addition to running the legal department at start-up companies, Jennifer has served as a federal prosecutor, run a solo law practice and worked at a top law firm practicing commercial law. She has volunteered her time each year at DefCon, teaching kids to be whitehat hackers through a non-profit organization. Jennifer serves as a member of the executive leadership team at SunLaw, a non-profit organization dedicated to helping advance female in-house counsel through information sharing, connection and collaboration. She is a contributor to Above the Law, and writes about the intersection of technology, privacy and the law. Educated at Dartmouth College and Michigan Law School, Jennifer grew up in the DC area and abroad, but now calls Southern California her home.
David Etue is Chief Executive Officer of Nisos. He has 20 years of experience at early-stage and mature companies, bringing an industry perspective built from experience including security program leadership, management consulting, product management and technical implementation. Prior to Nisos, he was Global Head of Managed Security Services at BlueVoyant and previously VP of Managed Services at Rapid7, where he drove the creation, execution and strategic vision of the managed services offerings globally. He was the VP of Business Development for Gemalto’s identity and data protection business, which he joined via the SafeNet acquisition. He was previously the cyber security practice lead at PRTM (now PwC), VP of Products & Markets at Fidelis Security Systems, led General Electric’s global computer security program, and held various positions in technology strategy, operations and product management. He is a Certified Information Privacy Professional, a Certified CISO, and a graduate of GE’s Information Management Leadership Program.
12:00 pm - 1:00 pm
Tabletop Exercise - GRIMM and Insane Forensics
12:30 pm - 1:00 pm
Do We Really Want to Live in the Cyberpunk World?
Mert Can Kilic
Barikat Cyber Security
MsC. Comp. Engineer, Tinker, Maker, Love Legos
1:00 pm - 1:30 pm
Beetlejuice: The Lessons We Should Have Learned For ICS Cybersecurity
Tim Yardley | @timyardley
University of Illinois Urbana-Champaign
Tim Yardley is a Principal Research Scientist and Associate Director at the Information Trust Institute (ITI) in the University of Illinois Urbana-Champaign. He works on trustworthiness and resiliency in critical infrastructure. Much of his work has focused on experimentation frameworks, device analytics, assessments, verification and validation, intrusion detection and data fusion approaches. Enough of the boring bios though, let’s have some fun.
1:30 pm - 2:00 pm
Scripts and Tools to Help Your ICS InfoSec Journey
Don C. Weber | @cutaway
Don C. Weber is a Principal Consultant at and Founder of Cutaway Security, LLC and a Certified SANS Instructor. He specializes in providing information security consulting services to organizations with control environments. In his free time he assists with the ICS Village and provides mentoring and teaching for other information security professionals.
2:00 pm - 3:00 pm
Consider the (Data) Source
Dan Gunter | @dan_gunter
Dan Gunter is the Founder and CEO of Insane Forensics, a cybersecurity company focused on the scaled analysis of memory, disk, and network data in mission-critical networks. Before Insane Forensics, Dan was Director of R&D at Dragos and served in the US Air Force.
3:00 pm - 4:00 pm
Tabletop Exercise - GRIMM and Insane Forensics
3:00 pm - 3:30 pm
Approaches to Attract, Develop, and Retain an Industrial Cybersecurity Workforce
John Ellis has 10 years of experience in global customer-centric strategic and business roles with a focus on relationship building, commercial intelligence, strategic advisory, and transforming technological innovation into business success. In his current role as the Global Head of Industrial Cyber Alliances at Siemens Energy, he works to develop partnerships between industry, academia, and government to solve some of the most challenging critical infrastructure cybersecurity challenges. John holds a BS in Mechanical Engineering and an MS in Engineering Management from the University of Maryland Baltimore County, an MBA from Johns Hopkins Carey Business School, and an MPS in Cybersecurity and Information Assurance from Penn State.
Julia Atkinson has 10 years of relationship building experience across multiple sectors including business, government, NGO, and journalism. As a Global Cyber Program Alliance Manager at Siemens Energy, Julia believes in the power of diverse partnerships in solving today’s cybersecurity challenges. Julia graduated with her Master’s Degree in International Economics and Strategic Studies from The Johns Hopkins School of Advanced International Studies and holds a Bachelor’s in Political Science from Yale University.
3:30 pm - 4:00 pm
It Takes a Village (and a generous grant): Students Performing ICS Security Assessments
Dennis Skarr | @DennisSkarr
Everett Community College
Dennis Skarr is tenured faculty at Everett Community College (EvCC) where he teaches Information Technology. His teaching endeavors resulted in receiving the 2019 Exceptional Faculty Award from EvCC. Dennis is currently building an Industrial Security Program for EvCC that includes classes, workshops, and Capture the Flag competitions.
Dennis has an extensive background in performing security assessments on a variety of industrial control systems. While Dennis was with the National Guard he created a two-week training program for cyber operators to receive special qualifications for missions involving cyber-physical systems. Dennis spent over 10 years performing assessments for the National Guard on critical systems that included building automation systems, electrical utilities, and voting systems. In 2016, Dennis’ work at the Guard contributed to US Secretary of Defense Ash Carter visiting his unit for a briefing on their capabilities and achievements.
Christopher Von Reybyton
Student, SANS Technology Institute
Student, Everett Community College
10:00 am - 12:00 pm
CybatiWorks Powered by IntelliGenesis Mission Station Workshop
Matthew E. Luallen | @cybati
Matthew E. Luallen is the Chief Executive Inventor of IntelliGenesis, LLC. He leads the company in further developing and expanding training services to enhance the understanding of, and provide protection from, cyber-physical threats. IntelliGenesis acquired CybatiWorks™ where Luallen served as a Co-Founder of CYBATI. He also served as a Co-Founder of Dragos Security co-developing CyberLens™ for Operational Technology device and communications discovery and analysis. He was a Co-Founder of Encari, a NERC CIP cybersecurity consulting firm helping the US and Canadian power grid defend strategic assets from cyber-physical attacks. He was an Information Security Network Engineer and Architect at Argonne National Laboratory. He is a 22-year CCIE and an 18-year Certified Instructor for the SANS Institute.
10:00 am - 11:30 am
Network Traffic Analysis with Malcolm
Seth Grover | @sethdgrover
Idaho National Laboratory
11:30 am - 12:00 pm
Highlighting the Importance of Detection Context using the ATT&CK Evaluations for ICS Results
Otis Alexander | @ojalexander
12:00 pm - 1:00 pm
A Fireside Chat with August Cole
Fiction writer and futures consultant August Cole will talk about how thinking the thinkable is one of the most important ways to prepare for what’s ahead during the next 20 years - particularly when it comes to how autonomy and AI are poised to usher in a tumultuous era for American society, domestic security, and culture.
1:00 pm - 1:30 pm
Toward a Collaborative Cyber Defense and Enhanced Threat Intelligence Structure
Lauren Zabierek | @lzxdc
Harvard Kennedy School's Belfer Center for Science and International Affairs
Lauren Zabierek is the Executive Director of the Cyber Project at Harvard Kennedy School’s Belfer Center. She comes to this role as a 2019 graduate of the Kennedy School's mid-career MPA program.
Lauren served as an intelligence officer in the United States Air Force at the beginning of her career. Later, as a civilian intelligence analyst with the National Geospatial Intelligence Agency (NGA) assigned to the Office of Counterterrorism, she completed three war zone deployments. Throughout her six years at NGA, she became a subject matter expert on Activity Based Intelligence (ABI) and served as an adjunct professor in ABI at the NGA college.
After leaving NGA, she joined the cybersecurity threat intelligence startup Recorded Future, and was instrumental in building its Public Sector business practice. In her role as a Senior Intelligence Analyst, she fused intelligence methodologies with cybersecurity and machine learning technologies to help public and private sector customers improve their cyber posture. She also managed a team of analysts and worked alongside the Product Management and Training teams to improve her customers' experience with the software.
A Gold Star Sister, Lauren is committed to supporting families of the fallen and has volunteered several times as a mentor with the Tragedy Assistance Program for Survivors (TAPS). She also co-founded the Recorded Future Women's Mentorship Initiative, helped to start a women's initiative at NGA, is a member of the NatSecGirlSquad, and is the co-founder of the online social media movement called #ShareTheMicInCyber, which aims to dismantle racism and sexism in cybersecurity and privacy.
1:30 pm - 2:00 pm
Fortifying ICS - Hardening and Testing
Dieter Sarrazyn | @dietersar
Dieter is a freelance SCADA/ICS/OT security consultant who has worked extensively on industrial control system security since 2008. He performs different kinds of security assessments within industrial environments, including intrusion testing, physical penetration testing, technical system assessments, and risk assessments, and provides assistance in securing these environments. He also helps customers manage the security of solutions deployed by their industrial suppliers and integrators through security requirements management and security FAT and SAT tests. In addition to assessing environments, he provides training and awareness sessions on SCADA/ICS/OT security and coaches young graduates in this field.
2:00 pm - 2:30 pm
Crippling the Grid: Examination of Dependencies and Cyber Vulnerabilities
Joe Slowik | @jfslowik
Joe Slowik currently leads threat intelligence and network detection work at Gigamon. Previously, Joe performed security research for DomainTools and hunted ICS-focused adversaries for Dragos. Joe remains fascinated by the ICS landscape and critical infrastructure intrusions, and continues to pursue such topics personally and professionally.
2:30 pm - 3:00 pm
Leveraging SBOMs to Enhance ICS Security
Thomas Pace | @tommypastry
Thomas is currently the co-founder and CEO of NetRise, a cybersecurity company focusing on securing firmware across a heterogeneous device set. Prior to NetRise, Thomas served as the Global Vice President of Enterprise Solutions at Cylance, where his responsibilities ranged from conducting incident response investigations to product marketing, public speaking and analyst relations. Thomas was also responsible for ICS security at the DOE for 3 years and served in the United States Marine Corps in both Iraq and Afghanistan. Thomas has spoken at Black Hat, RSA, and was interviewed on 60 Minutes for his efforts related to ransomware.
3:00 pm - 3:30 pm
Smart Meters: I'm Hacking Infrastructure and So Should You
Hash Salehi | @BitBangingBytes
Hash grew up on IRC freely sharing information and benefitting from those more knowledgeable who were willing to reciprocate. He is the founder of RECESSIM, a reverse engineering community where information is freely shared. Over the last few years he has focused on reverse engineering smart meter technology analyzing both the RF communications and hardware design, openly publishing all his findings.
10:00 am - 10:30 am
Bottom-Up and Top-Down: Exploiting Vulnerabilities In the OT Cloud Era
Sharon Brizinov is the vulnerability research team lead at Claroty. He specializes in vulnerability research, malware analysis, network forensics, and ICS/SCADA security. In addition, Brizinov participated in well-known hacking competitions such as Pwn2Own, and he holds a DEFCON black-badge for winning the ICS CTF.
Uri is a security researcher at Claroty who specializes in reverse engineering and vulnerability research across both embedded and Windows systems.
10:30 am - 11:00 am
Detecting Attackers Using Your Own Sensors with State Estimation
I have eight years of infosec experience working in critical infrastructure, three years working in the power industry, and four years working in the finance sector. My experience is mostly on the operations and implementation side, designing, implementing and operating Security Operations Centers. I have an education in Mechanical Engineering and am a mostly self-taught infosec professional. I currently work as a network and application penetration tester in the government sector.
11:00 am - 12:00 pm
Top 20 Secure PLC Coding Practices
Vivek Ponnada | @ControlsCyber
Vivek Ponnada works for GE as a Service Manager and is responsible for GE's Gas Power transactional customers (Utilities and Co-generation) across Canada. Prior to this role, he was in Sales & Business development (Control system upgrades and Cybersecurity solutions), and started his career as a Field Engineer, commissioning turbine controls systems in Europe, Africa, Middle-East and South East Asia. Vivek is passionate about industrial controls cybersecurity and enjoys learning & contributing to the security community.
Sarah Fluchs | @SarahFluchs
Sarah Fluchs is the CTO of admeritia, which specializes in security consulting for the process industry, manufacturing, and critical infrastructures. A process and automation engineer herself, Sarah is convinced that creating solid engineering methods that speak the language of automation engineers is key for OT Security. Her main research interests include security and systems engineering, security for safety, and security engineering information models. Sarah is an active contributor to ISA/IEC standards and a board member at the ISA Standards & Practices board and the German water industry organization KDW. She writes a monthly "security briefing for hard hats" (admeritia.de/hardhats) and a blog (fluchsfriction.medium.com). She's one of the founders and leaders of the Top 20 Secure PLC Coding Project (plc-security.com).
12:00 pm - 1:00 pm
ICS Cyber Threat Intelligence (CTI) Information Sharing Between Brazil and the United States
Paul de Souza
Cyber Security Forum Initiative (CSFI)
Mr. Paul de Souza is the Founder of the Cyber Security Forum Initiative (CSFI), a nonprofit organization specializing in cyberspace operations awareness and training. As a former Federal Director of Training and Education for Norman Data Defense Systems, Chief Security Engineer for AT&T, and security engineer for Computer Sciences Corporation (CSC) and US Robotics, Mr. de Souza has over 20 years of cybersecurity experience. He has consulted for several governments, military organizations, and private institutions around the globe. He is a recipient of the Order of Thor Medal.
Mr. de Souza holds various cybersecurity, cyber intelligence, and counter-terrorism Advisory Board positions for organizations such as the Military Cyber Professionals Association (MCPA), the Ben-Gurion University of the Negev in Israel, and IntellCorp in Portugal. Past board positions include the Institute of World Politics (IWP) and Visiting Research Fellow at the National Security Studies (INSS), Tel Aviv, Israel.
Paul serves as a visiting researcher, guest lecturer, ambassador, and faculty member for several higher educational institutions, such as Sheffield Hallam University (UK), Tel Aviv University, the Swedish Defence University (Försvarshögskolan), American Public University, and George Washington University.
In addition to earning a master’s degree in National Security Studies with a concentration in Terrorism from American Military University, Mr. de Souza has completed the Executive Certificate Program in Counter-Terrorism Studies from the Interdisciplinary Center (IDC) Herzliya in Israel, is an alumnus from the Harvard Kennedy School’s Cybersecurity Executive Education program with a Higher Education Teaching certification from Harvard University, and is currently pursuing his Ph.D. in Critical Infrastructure from Capitol Technology University.
Brazilian Army Major Max Campos is Head of the Knowledge Management Section of the Department of Strategic Management of the Cyber Defense Command and serves as Coordinator of the Cyber Guardian Exercise Study Group. He has a master’s degree in Computer Systems from the University of Salvador (Brazil) and has earned his CISSP, GISCP, CISO and Cyber Ops certifications. With over a decade of cyber experience, Major Campos has supported various major international events such as Rio + 20, Confederations Cup, and World Cup, as well as many strategic projects of the Brazilian Ministry of Defense. Starting with the first iteration of the Cyber Guardian Exercise in 2018, he has acted as Coordinator of the Study Group and the leading representative of national critical infrastructure for the development of scenarios for sectors of interest in the formulation of themes and matters of interest to the sector.
Building upon a long career in government and the private sector, John Felker works with senior leaders to see and understand the big cybersecurity picture, the risk, and the business impact of cyber threats. He brings wide-ranging leadership, organizational, and business experiences that can help you prepare for the worst, understand, and address the issues, and ultimately, succeed. A sought-after cybersecurity and leadership expert, he is a frequent speaker at national and international cybersecurity conferences.
Felker is the former Assistant Director for Integrated Operations, Cybersecurity and Infrastructure Security Agency (CISA), where he brought focus to integrated operations across the Agency that extended to Regional CISA elements, intelligence, operational planning, and mission execution with emphasis on risk mitigation and response efforts.
He previously served as the Director of the National Cybersecurity and Communications Integration Center from 2015 to 2019. Prior to joining CISA, Felker worked as Director of Cyber and Intelligence Strategy for HP Enterprise Services and in a 30-year career, served as Deputy Commander, Coast Guard Cyber Command; Commander, Coast Guard Cryptologic Group, as Executive Assistant to the Director of Coast Guard Intelligence and commanded the cutters CAPE UPRIGHT and RED CEDAR.
Felker is President of Morse Alpha Associates, Inc., a cyber leadership consultancy, serves as a member of the Parsons Corporation Senior Advisory Board, a Senior Advisor to the Chertoff Group, as a Senior Advisor to the Maritime Transportation System ISAC, a Senior Advisor to S-RM, an international cyber intelligence, response, and resilience company and a Senior Fellow at the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. He is a member of the National Technology Security Coalition’s Advisory Council and is currently on the Board of Directors of the Operation Renewed Hope Foundation and the Boards of Advisors for the Military Cyber Professionals Association, and the Cyber Security Forum Initiative.
He is the recipient of the Department of Homeland Security Outstanding Public Service Medal, and his military awards include the Defense Superior Service Medal, the Legion of Merit, and the Meritorious Service Medal.
Felker graduated from Ithaca College with a Bachelor of Science and earned his Master of Arts in Public Administration from the Maxwell School of Citizenship and Public Affairs at Syracuse University and has co-authored several papers on cyber intelligence under the auspices of the Intelligence and National Security Alliance.
Master's student in Cyber Security, Post-Graduate in IT Management and Digital Forensics, and graduated in Information Systems. Held many management positions in Information Technology units, working over the last decades within Private, Civil, and Military Public agencies. Experienced in the development of Public Policies, Data Protection, Information, and Cyber Security, currently holds the position of Director of Information Technology at the Presidency of Brazil.
Tom co-founded the ICS Village, a non-profit organization focused on Control System security and awareness. He is also retired from the Air National Guard, where he worked in Cyber Warfare Operations. Tom leads the CyPhy Product group at GRIMM, where his primary focus is securing Industrial Control Systems and the networking of such systems. Tom brings an unparalleled level of operational knowledge and experience, as he has been working in the Operational Technology (OT) field for almost three decades. He also has considerable knowledge in constructing Cyber-Physical testing environments for OT systems.
1:00 pm - 1:30 pm
ICS Intrusion KillChain explained with real simulation
Javier Perez | @the_s41nt
Director of R&D at Dreamlab Technologies. Fan of tech and cybersecurity, more than 10 years in the cybersecurity world. ISECOM OSSTMM and MILE2 instructor, trainer for private cybersecurity courses, speaker, researcher, cybersecurity consultant, penetration tester. During recent years, I have specialized in payment systems (EMV, NFC, POS, ATM) and industrial environment (ICS/SCADA).
Juan Escobar | @itsecurityco
Professional with solid skills and knowledge in pentesting methodologies such as OWASP and OSSTMM, with extensive expertise in ethical hacking projects covering web applications, mobile applications and infrastructure, ATM pentesting and code analysis, combined with a good attitude to work. He has extensive experience in the development of exploits for the Metasploit Framework, with excellent command of the Python, PHP, Java, C#, C and Ruby programming languages. He developed a translation extension for Mozilla Firefox that currently has more than half a million active users: https://addons.mozilla.org/firefox/addon/to-google-translate/ He has participated in international computer security competitions, together with the Latin American team NULL Life, as well as internationally recognized talks and conferences.
1:30 pm - 2:00 pm
Building an ICS Firing Range (in our kitchen): Sharing Our Journey & Lessons Learned (so you don’t have to)
Nico has worked in IT security for over 15 years as a security consultant and penetration tester. For the past two years, his focus has been on several aspects of OT security. At NVISO Germany, he leads the security assessment team.
Moritz is a security consultant working in the NVISO Software and Security assessment team. He is an ICS and IoT enthusiast, getting into the latest technologies in both fields. He loves to program and reverse engineer stuff.
2:00 pm - 3:00 pm
Mary Brooks | @Mary_K_Brooks
R Street Institute
Mary Brooks is a senior research associate for Cybersecurity and Emerging Threats at R Street Institute. Before joining R Street, she was lead researcher and associate producer for The Perfect Weapon (2020). Prior to this, she served as the special assistant for the international human rights law firm Perseus Strategies, LLC, based in Washington, D.C. She graduated cum laude from Harvard University with a bachelor’s degree in government and a language certificate in Arabic.
Maggie Morganti | @magg_py
Maggie Morganti is a Product Security Researcher at Schneider Electric where she works on vulnerability handling, supply chain security, and secure product development for power systems. She also serves as the Director-Elect of the ISA Communications Division (COMDIV). She previously held roles as a Cyber Technical Staff member for Oak Ridge National Laboratory’s Power & Energy Systems team and as a Threat Intelligence Analyst for FireEye Mandiant’s Cyber-Physical team. She holds a M.S. in Intelligence Studies with a focus on cybersecurity from Mercyhurst University.
Tatyana Bolton | @TechnoTats
R Street Institute
Tatyana Bolton is the Policy Director for R Street’s Cybersecurity & Emerging Threats team. She crafts and oversees the public policy strategy for the department with a focus on secure and competitive markets, data security and data privacy, and diversity in cybersecurity. Most recently, Tatyana worked as the senior policy director for the U.S. Cyberspace Solarium Commission focusing on U.S. government reorganization and resilience portfolios. From 2017-2020, Tatyana also served at the Cybersecurity and Infrastructure Security Agency as the cyber policy lead in the Office of Strategy, Policy and Plans where she developed strategies for strengthening the cybersecurity of our nation’s critical infrastructure.
Chris Sistrunk | @chrissistrunk
Chris Sistrunk is Technical Manager on the Mandiant ICS/OT Security Consulting team at FireEye focusing on protecting critical infrastructure. Before FireEye, Sistrunk was a Senior Engineer at Entergy where he was a subject matter expert for Transmission & Distribution SCADA systems. Sistrunk was awarded Energy Sector Security Professional of the Year in 2014. He is a Senior Member of the IEEE and is a registered Professional Engineer in Louisiana. He founded BSidesJackson, co-founded the BEER-ISAC, and helped organize the ICS Village at DEFCON 22. He holds BS Electrical Engineering and MS Engineering & Technology Management degrees from Louisiana Tech University.