This event has ended. Visit the official site or create your own event on Sched.
This is the AGENDA FOR 2022 -- Please visit the main website for the latest conference information. 
Trippe [clear filter]
Tuesday, October 25

8:00am EDT

Breakfast Session: The Checks and Balances for Cybersecurity Readiness
Large or small, cyberattacks are making headlines and elevating executive attention toward cyber resiliency. Preparing for, responding to and recovering from cyberattacks should be a strategic part of any business continuity plan. As recent cyberattacks have demonstrated increased risk to both IT and operational technology (OT) environments, readiness equates to enforcement of rules and policies that provide the visibility, control and situational awareness to respond at the speed of business. Cybercriminals are maximizing their opportunity by exploiting older vulnerabilities and an expanding attack surface. Strategic readiness should be underpinned with the notion that eventually an attack will happen, and when it occurs, you are proactively ready to respond. During this session, we will explore security considerations for developing cyber resilience covering security fundamentals and readiness planning to protect your IT and OT environments.

avatar for Nate Dann

Nate Dann

Director, Operational Technology Southeast, Fortinet
Nathan brings more than 10 years of experience in industrial networking and factory automation. He has worked directly with teams implementing and automating Industrial Control Systems (ICS) across a variety of critical infrastructure environments including Manufacturing, Transportation... Read More →

Tuesday October 25, 2022 8:00am - 8:45am EDT

10:45am EDT

Why Endpoint Management is Key to Securing OT Environments
ICS (or more broadly OT/Cyber Physical systems) security is now a critical issue for senior management and boards of directors. The increase in ransomware, the spiraling costs of insurance and the necessary reporting requirements to even access coverage, as well as growing regulatory burdens require a change in mindset when it comes to protecting these systems. No longer can organizations “check the box” and say “oh, I have a basic inventory” or “at least I have some network monitoring occurring”. CISOs (driven by their boards, insurers, and regulators) now need to achieve the same level of security in ICS as they have achieved in IT. They need to demonstrate how they are practically improving security….going from red to green on key metrics and security controls. This requires the focus to go beyond the network (firewalls, monitoring, etc.) and get to the endpoint. They need to find a way of protecting and managing those endpoints to improve the overall protection of the control systems.

Join this session to learn how you can practically, efficiently, and safely manage and protect OT endpoints:
• How to gather accurate visibility into all assets across all sites in one place
• Prioritizing remediation based on asset and risk context
• Enabling response, not just detection, in an OT-safe way
• Demonstrating true security progress

avatar for John Livingston

John Livingston

CEO, Verve Industrial Security
John leads Verve's mission to protect the world’s infrastructure. He brings 20+ years of experience from McKinsey & Co. advising large companies in strategy and operations. John's committed to helping clients find the lowest cost and simplest solutions for controls, data and ICS... Read More →

Tuesday October 25, 2022 10:45am - 11:15am EDT

11:30am EDT

Are Zero Trust Industrial Networks Achievable?
The Pandemic brought zero trust to the forefront with the advent of Hybrid work and creating the perimeter less enterprise. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Zero trust within the industrial space is often misrepresented and there can be confusion on what can or cannot be implemented. This quick overview will provide guidance on:
  • What Zero Trust is
  • Why Zero Trust can be challenging to implement in OT
  • Where Zero Trust applies across an Industrial Architecture
  • Starting the Zero Trust Journey while securing ICS with Industrial Standards.

avatar for Jason Greengrass

Jason Greengrass

Principal IoT Architect, Palo Alto Networks

Tuesday October 25, 2022 11:30am - 11:50am EDT

12:15pm EDT

Lunch Workshop: CISA Alert (AA22-265A) - Control System Defenses: Know the Opponent, know their steps. Anatomy of a Port Infrastructure Attack
Operational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors. Traditional approaches to securing OT/ICS do not adequately address current threats to those systems. However, owners and operators who understand cyber actors’ tactics, techniques, and procedures (TTPs) can use that knowledge when prioritizing hardening actions for OT/ICS.  Join Armis in reviewing the anatomy of a port infrastructure attack and how the lessons of Sun Tzu can help in protecting our critical infrastructure against advanced persistent threat (APT) groups.

avatar for Keith Walsh

Keith Walsh

Director, OT Strategy and Operations, Armis
Keith has been in the IoT and OT space since 2010 helping to protect and harden the lifecycle of critical infrastructure devices found within our nation's grid, healthcare and medical devices, transportation, DoD, smart city, and critical manufacturing. Keith has worked with the largest... Read More →

Tuesday October 25, 2022 12:15pm - 12:45pm EDT
Wednesday, October 26

8:00am EDT

Breakfast Session: Network Engineering for Deterministic Protection
Security engineering eliminates entire classes of cyber risk to operations, while cyber security only reduces those risks. This makes security engineering and the network engineering sub-discipline essential for industrial operations that must carry the Internet's threat load predictably, affordably, and for decades. In this presentation we take a deep dive into four powerful techniques for network engineering: hard segregation for safe cloud connections, unidirectional networks, hard wiring for safe access to safety systems and the Internet, and the (few) places it still makes sense to use real air gaps. These and other engineering-grade solutions are a blind spot in many cybersecurity programs - for example: where do buckling relief valves fit in the NIST Framework? We must expand our cyber risk programs beyond cybersecurity if we want those programs to be effective in addressing today's steadily-increasing threat loads.

avatar for Andrew Ginter

Andrew Ginter

VP Industrial Security, Waterfall Security Solutions
At Waterfall, Andrew leads a team of experts who work with the world's most secure industrial enterprises. Before Waterfall, Andrew led the development of high-end industrial control system products at Hewlett-Packard, of IT/OT middleware products at Agilent Technologies, and of the... Read More →

Wednesday October 26, 2022 8:00am - 8:45am EDT

10:30am EDT

Using “Man-in-the-Middle” to build a Zero-Trust Architecture
(Access Livestream and On Demand Video Here)

Designing a Zero Trust Architecture can seem like a daunting task. Rome wasn’t built in a day either! As you begin your journey you must start from the basics of what Zero Trust is and what it means to your organization. Then you must identify a starting point and develop an execution plan. In some cases that plan can be as simple as using known strategies from the adversaries to combat the adversaries.

What If I told you that designing a “man-in-the middle” mitigation could start you on your journey of achieving a zero-trust architecture? Join us as we talk about being “in the middle” and how this approach can allow you to broker the trust relationships as we talk about:
  • Utilizing an Intermediate System to establishing session controls
  • Establishing conditional access policies and parameters
  • Doing this with a single tool that will also provide you with situational Awareness.

avatar for Pam Johnson

Pam Johnson

VP Business Operations and Customer Experience, TDI Technologies
Pam Johnson is a 25-year, growth-phase software veteran. Johnson thrives in a fast-paced, innovative environment assuring customer success and solving business problems. Her responsibilities at TDi Technologies include professional services, customer support, sales, marketing and... Read More →

Wednesday October 26, 2022 10:30am - 11:00am EDT

11:15am EDT

Is ‘Wait-and-See’ a Good OT Security Strategy?
Modernization of operational technology has brought about significant challenges. Can we justify a wait-and-see approach when it comes to securing OT? The operations in OT/ICS used to be relatively straight forward, but as we become more dependent on connectivity, the challenges securing cyber assets become more complex. We’ll focus on use cases that deal with some of the most prevalent issues organizations encounter today: Legacy systems, insecure protocols, and ‘whose job is it anyway?’ are some of the topics we’ll discuss.

avatar for Jim Montgomery

Jim Montgomery

Solution Architect, TXOne Networks
Jim Montgomery is a 30-year veteran of IT security working in all aspects of solution design, deployment an implementation. During this time, he has helped several fortune 100 companies implement complex strategies for operational efficiency and secure processing. Jim is currently... Read More →

Wednesday October 26, 2022 11:15am - 11:45am EDT

12:15pm EDT

Lunch Workshop: Life After Segmentation: What Comes Next in Your OT Security Strategy
ICS networks have traditionally been segmented from the rest of the enterprise network with most cyber threats stemming from human error, accidents, and acts of physical sabotage. The increasing integration of OT with business networks and internet-based applications has vastly increased the prevalence and complexity of cyber threats to ICS networks. As a result, segmentation/air gapping is is no longer the finish line for a good security strategy. To defend against a diverse set of cyber threats, you need a comprehensive ICS security strategy.

Join our lunch and learn session to learn how to go beyond segmentation and bring your OT security strategy to the next level. We’ll cover:
  • How to get a clear understanding of all the assets in on your networks and how to identify blindspots
  • Advanced threat detection and vulnerability assessment to identify and prioritizes security risks
  • How to predict and detect OT process and stability issues giving you early warning signs of possible downtime

avatar for Gehron (Ronny) Fredericks

Gehron (Ronny) Fredericks

Field CTO, Nozomi Networks
Gehron “Ronny” Fredericks is Field CTO at Nozomi Networks. He holds a Master’s degree in Digital Forensics & Cyber Investigation and an additional MBA from UMUC. Ronny has unique OT experience from his time at leading energy provider, Exelon Corporation, as a Senior Security... Read More →

Wednesday October 26, 2022 12:15pm - 1:00pm EDT
Filter sessions
Apply filters to sessions.