presentations.

Rocky Mountain Information Security Conference The Internet (virtual) Threats to critical infrastructure remain at an all-time high and many companies struggle to bridge the gaps between their corporate IT environments and the Operational Technology (OT) systems. This panel will discuss current threats to OT environments and mitigation strategies companies can adopt to deal with those…

RSA Conference 2021 San Francisco, CA (Virtual) This session is comprised of three, 7-minute Lightning Talks followed by Q&A with speakers. The presentation recordings below include:

KIACS 2019 Kuwait City The Kuwait Industrial Automation & Control Systems Cyber Security Conference (KIACS) gratiously invited me to keynote their 4th annual event. recording available here

GridSecCon Atlanta, GA Sam Chanoski, E-ISAC moderated this panel I participated on along with fellow panelists: this event wasn’t recorded

S4x2019 Miami Beach, Florida This was a debate MCed by Dale Peterson between myself and Steve Miller (then Mandiant). My position was that yes, you do need OT specific tools and talent due to the unique nature of our industrial environments. recording

Annual Commissioner-led Reliability Technical Conference FERC HQ I was humbled to be asked to speak to the Commission on the topic of Cyber Threats. I regret that I can’t locate a list of panelists who also participated. Much of my testimony was centered on CRASHOVERRIDE and ELECTRUM activities. Agenda: There is a widespread understanding among…

GridSecCon Las Vegas, Nevada This was a half day training session built from labs designed for the first version of Dragos 5 Day Advanced ICS class.

Black Hat USA // Las Vegas, Nevada The first public presentation surrounding the CRASHOVERRIDE malware, the first malware designed to dirupt electric power systems and involved in the Ukraine 2016 cyberattack against a transmission substation. I co-presented with Anton Cherepanov (e-set), Joe Slowik (Dragos), Robert M. Lee (Dragos), and Robert Lipovsky (e-set). I’m unaware of…

Industrial Control Systems Working Group (ICSJWG) Minneapolis, Minnesota A Dedux of the MIMICS research as presented at SANS ICS Summit but re-oriented to put into the larger perspective of the known threats around industrial control systems. No recordings exist.

SANS ICS Summit Orlando, Florida This keynote was co-presented with Robert M. Lee. It detailed my MIMICS (Malware In Modern Industrial Control Systems) research project of trolling through virustotal to understand some of the lurking trends and behaviors around ICS from the guise of self propogated malware, poor security behaviors, and data leakages. We also…