Category: Presentation
-
Confronting the Next Wave of Cyber Threats
LPPC Member Conference 2024 San Antonio, Texas Joined by fellow panelists Manny Cancel of E-ISAC and Emma Stewart of Idaho National Laboratory
-
“Prepare for Tomorrow”: Trends to Factor into your OT Cybersecurity Strategy
Gartner Security and Risk Management Summit 2024 Sydney, Australia This year makes the 7th Year in Review that I was involved in forming up. The core team of contributors started planning for Year in Review back in May of 2023. This was my first public venue in presenting this year’s content, including Dragos observed Voltzite…
-
Utilities, Beef Up Your Cybersecurity
DistribuTECH Orlando, Florida Got the chance to speak on another great panel. Agenda: As of 2022, the US is the most active region in power digitalization based on data compiled by BloombergNEF. However, as utilities digitalize, and information and operational technologies (IT/OT) integrate, cybersecurity is increasingly critical for utility resilience. This panel session will be…
-
Ready for Goodbyes?
Global Cybersecurity Forum Riyadh, Kingdom of Saudi Arabia I was invited as a panelists to speak at GCF, GCF is a unique event focused on creating global dialog of strategic cybersecurity topics. From the post-conference report: The “Ready for Goodbyes?” panel explored the issues associated with critical system obsolescence given the clear potential for emerging…
-
Defending Army OT & Critical Infrastructure
Panel @ AUSA Hot Topic Series Arlington VA I was privileged to afford the opportunity to be on a panel speaking to critical infrastructure and OT challenges with a largely US Army audience with a great group of panelists including Dave Forbes (Booz Allen), Ann Dunkin (DOE), and Mark Bristol (MITRE).
-
CHERNOVITE and PIPEDREAM: Understanding the Latest Evolution of ICS Malware
RSA Conference 2022 San Francisco, CA CHERNOVITE is a threat activity group who built a toolset tailored to disrupt a broad range of industrial control systems, dubbed PIPEDREAM. This malware represents only the 7th malware tailored to ICS operations. We will discuss CHERNOVITE in context to the overall ICS threat landscape and describe how PIPEDREAM…
-
ICS/OT Cyber Threats, Vulnerabilities, and Incidents: Past and Present
BSides: Charm City 2022 Baltimore, MD Originally on the agenda: Gain an in-depth look at old case studies and new research across 2021 highlighting new ICS threat groups, vulnerabilities, and insights from the field including incident response case studies of previously unreported incidents. This session will give a ground-truth reality and primer on what is…
-
72 Hours and Counting: Preparing for and Responding to Critical Infrastructure Cyber Incidents
ICS Cyber Security Conference Atlanta GA The Cyber Incident Reporting Act for Critical Infrastructure Act, which was enacted in March 2022, will require critical infrastructure organizations to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. This aggressive timeline will require companies to have enhanced identification, escalation, and investigation processes…
-
Critical Infrastructure: Noise and Bias in our Security Programs
Energysec Security & Compliance Summit The Internet (virtual) For the last four years Dragos as published annual trend reports of our observations from the field and the adversary. This talk puts the trends into a different perspective: what are our errors over the years as a community? Where are our biases? Understanding these help understand…
-
FERC Testimony: Managing Cyber Risks in the Electric Power Sector
Annual Commissioner-led Reliability Technical Conference The Internet (virtual) I was humbled at a second opportunity to testify to the commision with fellow panelists: The group spoke to and answered Commissioner questions as part of the panel: The electric grid faces constant and evolving cyber threats that have the potential to result in devastating consequences for…
-
OT Industry, a panel
Rocky Mountain Information Security Conference The Internet (virtual) Threats to critical infrastructure remain at an all-time high and many companies struggle to bridge the gaps between their corporate IT environments and the Operational Technology (OT) systems. This panel will discuss current threats to OT environments and mitigation strategies companies can adopt to deal with those…
-
Lessons Learned from the Field: The Dragos Year in Review
RSA Conference 2021 San Francisco, CA (Virtual) This session is comprised of three, 7-minute Lightning Talks followed by Q&A with speakers. The presentation recordings below include:
-
Defending our Industrial Automation
KIACS 2019 Kuwait City The Kuwait Industrial Automation & Control Systems Cyber Security Conference (KIACS) gratiously invited me to keynote their 4th annual event. recording available here
-
Future Threats- What Comes Next?
GridSecCon Atlanta, GA Sam Chanoski, E-ISAC moderated this panel I participated on along with fellow panelists: this event wasn’t recorded
-
Are OT Specific Tools and Talent Required to Detect Attacks on ICS?
S4x2019 Miami Beach, Florida This was a debate MCed by Dale Peterson between myself and Steve Miller (then Mandiant). My position was that yes, you do need OT specific tools and talent due to the unique nature of our industrial environments. recording