presentations.

LPPC Member Conference 2024 San Antonio, Texas Joined by fellow panelists Manny Cancel of E-ISAC and Emma Stewart of Idaho National Laboratory

Gartner Security and Risk Management Summit 2024 Sydney, Australia This year makes the 7th Year in Review that I was involved in forming up. The core team of contributors started planning for Year in Review back in May of 2023. This was my first public venue in presenting this year’s content, including Dragos observed Voltzite…

DistribuTECH Orlando, Florida Got the chance to speak on another great panel. Agenda: As of 2022, the US is the most active region in power digitalization based on data compiled by BloombergNEF. However, as utilities digitalize, and information and operational technologies (IT/OT) integrate, cybersecurity is increasingly critical for utility resilience. This panel session will be…

Global Cybersecurity Forum Riyadh, Kingdom of Saudi Arabia I was invited as a panelists to speak at GCF, GCF is a unique event focused on creating global dialog of strategic cybersecurity topics. From the post-conference report: The “Ready for Goodbyes?” panel explored the issues associated with critical system obsolescence given the clear potential for emerging…

Panel @ AUSA Hot Topic Series Arlington VA I was privileged to afford the opportunity to be on a panel speaking to critical infrastructure and OT challenges with a largely US Army audience with a great group of panelists including Dave Forbes (Booz Allen), Ann Dunkin (DOE), and Mark Bristol (MITRE).

RSA Conference 2022 San Francisco, CA CHERNOVITE is a threat activity group who built a toolset tailored to disrupt a broad range of industrial control systems, dubbed PIPEDREAM. This malware represents only the 7th malware tailored to ICS operations. We will discuss CHERNOVITE in context to the overall ICS threat landscape and describe how PIPEDREAM…

BSides: Charm City 2022 Baltimore, MD Originally on the agenda: Gain an in-depth look at old case studies and new research across 2021 highlighting new ICS threat groups, vulnerabilities, and insights from the field including incident response case studies of previously unreported incidents. This session will give a ground-truth reality and primer on what is…

ICS Cyber Security Conference Atlanta GA The Cyber Incident Reporting Act for Critical Infrastructure Act, which was enacted in March 2022, will require critical infrastructure organizations to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. This aggressive timeline will require companies to have enhanced identification, escalation, and investigation processes…

Energysec Security & Compliance Summit The Internet (virtual) For the last four years Dragos as published annual trend reports of our observations from the field and the adversary. This talk puts the trends into a different perspective: what are our errors over the years as a community? Where are our biases? Understanding these help understand…

Annual Commissioner-led Reliability Technical Conference The Internet (virtual) I was humbled at a second opportunity to testify to the commision with fellow panelists: The group spoke to and answered Commissioner questions as part of the panel: The electric grid faces constant and evolving cyber threats that have the potential to result in devastating consequences for…