Category: Uncategorized

LPPC Member Conference 2024 San Antonio, Texas Joined by fellow panelists Manny Cancel of E-ISAC and Emma Stewart of Idaho National Laboratory Read more

Gartner Security and Risk Management Summit 2024 Sydney, Australia This year makes the 7th Year in Review that I was involved in forming up. The core team of contributors started planning for Year in Review back in May of 2023. This was my first public venue in presenting this year’s content, including Dragos observed Voltzite… Read more

DistribuTECH Orlando, Florida Got the chance to speak on another great panel. Agenda: As of 2022, the US is the most active region in power digitalization based on data compiled by BloombergNEF. However, as utilities digitalize, and information and operational technologies (IT/OT) integrate, cybersecurity is increasingly critical for utility resilience. This panel session will be… Read more

Global Cybersecurity Forum Riyadh, Kingdom of Saudi Arabia I was invited as a panelists to speak at GCF, GCF is a unique event focused on creating global dialog of strategic cybersecurity topics. From the post-conference report: The “Ready for Goodbyes?” panel explored the issues associated with critical system obsolescence given the clear potential for emerging… Read more

Panel @ AUSA Hot Topic Series Arlington VA I was privileged to afford the opportunity to be on a panel speaking to critical infrastructure and OT challenges with a largely US Army audience with a great group of panelists including Dave Forbes (Booz Allen), Ann Dunkin (DOE), and Mark Bristol (MITRE). Read more

RSA Conference 2022 San Francisco, CA CHERNOVITE is a threat activity group who built a toolset tailored to disrupt a broad range of industrial control systems, dubbed PIPEDREAM. This malware represents only the 7th malware tailored to ICS operations. We will discuss CHERNOVITE in context to the overall ICS threat landscape and describe how PIPEDREAM… Read more

BSides: Charm City 2022 Baltimore, MD Originally on the agenda: Gain an in-depth look at old case studies and new research across 2021 highlighting new ICS threat groups, vulnerabilities, and insights from the field including incident response case studies of previously unreported incidents. This session will give a ground-truth reality and primer on what is… Read more

ICS Cyber Security Conference Atlanta GA The Cyber Incident Reporting Act for Critical Infrastructure Act, which was enacted in March 2022, will require critical infrastructure organizations to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. This aggressive timeline will require companies to have enhanced identification, escalation, and investigation processes… Read more

Energysec Security & Compliance Summit The Internet (virtual) For the last four years Dragos as published annual trend reports of our observations from the field and the adversary. This talk puts the trends into a different perspective: what are our errors over the years as a community? Where are our biases? Understanding these help understand… Read more

Annual Commissioner-led Reliability Technical Conference The Internet (virtual) I was humbled at a second opportunity to testify to the commision with fellow panelists: The group spoke to and answered Commissioner questions as part of the panel: The electric grid faces constant and evolving cyber threats that have the potential to result in devastating consequences for… Read more

Rocky Mountain Information Security Conference The Internet (virtual) Threats to critical infrastructure remain at an all-time high and many companies struggle to bridge the gaps between their corporate IT environments and the Operational Technology (OT) systems. This panel will discuss current threats to OT environments and mitigation strategies companies can adopt to deal with those… Read more

RSA Conference 2021 San Francisco, CA (Virtual) This session is comprised of three, 7-minute Lightning Talks followed by Q&A with speakers. The presentation recordings below include: Read more

KIACS 2019 Kuwait City The Kuwait Industrial Automation & Control Systems Cyber Security Conference (KIACS) gratiously invited me to keynote their 4th annual event. recording available here Read more

GridSecCon Atlanta, GA Sam Chanoski, E-ISAC moderated this panel I participated on along with fellow panelists: this event wasn’t recorded Read more

S4x2019 Miami Beach, Florida This was a debate MCed by Dale Peterson between myself and Steve Miller (then Mandiant). My position was that yes, you do need OT specific tools and talent due to the unique nature of our industrial environments. recording Read more