10:00 am - 11:00 am
Ohm, how do I get into ICS?
Dennis Skarr
Dennis Skarr is tenured faculty at Everett Community College (EvCC) where he teaches Information Technology. Dennis enjoys creating classes for his students which include tabletop and capstone exercises replicating real world experiences in cybersecurity, misinformation, and ethical hacking. His teaching endeavors resulted in receiving the 2019 Exceptional Faculty Award from EvCC. Dennis is currently building an Industrial Cybersecurity Program for EvCC that includes classes, workshops, and Capture the Flag competitions.
Josephine Hollandbeck
Josephine Hollandbeck recently graduated with honors from Whatcom Community College (WCC) with a Bachelor’s of Applied Science in Cybersecurity and IT Networking and also served as President of WCC’s WiCys club. Currently, she is pursuing additional education and certifications for Industrial Controls Security and Automation while working on near completion of a five-year Inside Wireman Electrician program with International Brotherhood of Electrical Workers (IBEW). Josephine is pursuing career opportunities in industrial cybersecurity.
Kairie Pierce
Kairie Pierce is the Lead Workforce Development Director for the Washington State Labor Council (WSLC), AFL-CIO. Kairie has worked with all of the community and technical colleges in the Washington State area recruiting labor members to serve on the CTC advisory committees. She is currently a board member of Washington State Workforce and Training Board. Her current position blends all of her working passions of registered apprenticeship and workforce education.
Erin Cornelius
Erin Cornelius is a senior security researcher with GRIMM's Cyber Physical Security team. She helped develop and teach GRIMM’s Automotive Security training and has given talks on the topic of automotive and aerospace security. Before joining GRIMM and officially becoming a cybersecurity researcher Erin spent over 15 years developing, integrating, and testing safety critical systems for a variety of fields including telecom, aerospace, and medical. My twitter handle is @e_er1in
Christine Reid
Christine Reid is the Political Director for International Brotherhood of Electrical Workers (IBEW) 77 and a proud member of the since 2006. For 16 years she worked within a local private utility that provides both natural gas and electric to their customers. As the Political Director she is working toward state recognized registered apprenticeships into cybersecurity, in support of and protection of our critical infrastructure, utilities, members and customers.
11:00 am - 11:30 am
Closing a Security Gap in the Industrial Infrastructure Ecosystem: Under-Resourced Organizations
Dawn Cappelli
Dawn Cappelli is the Director of OT-CERT (Operational Technology – Cyber Emergency Readiness Team) at the industrial cybersecurity company Dragos. She plays a critical part in building, supporting, and organizing a network of global public and private sector leaders and partners to enable and replicate best practices across industries and expand the Dragos commitment to help mitigate shared ICS OT challenges. Dawn was CISO for Rockwell Automation from 2016-2022 after serving as Director, Insider Risk. Previously she was Founder and Director of Carnegie Mellon’s CERT Insider Threat Center. She started her career as a software engineer programming nuclear power plants for Westinghouse. She co-authored the book “The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud),” which was inducted into the Cybersecurity Canon - a list of must-read books for all cybersecurity practitioners.
Cappelli is a Certified Information Systems Security Professional, holds a BS in Computer Science and Mathematics from the University of Pittsburgh, is co-founder of the Open Source Insider Threat (OSIT) information sharing group and is a member of the RSA Conference Advisory Board, the Cybersecurity Collaborative Executive Committee, and the CyberWire Hash Table. She was awarded the 2022 CIO Choice Lifetime Achievement Award by the Pittsburgh Technology Council, inducted into the ISSA Hall of Fame in 2021, honored as a member of the 2021 CISOs Top 100 CISOs, 2020 Global CISO 100, and was named Pittsburgh CISO of the Year in 2018.
11:30 am - 12:00 pm
CRITICAL FINDING: Lessons Learned from Dozens of Industrial Network Architecture Reviews
Nate Pelz
I'm currently an Industrial Incident Responder at Dragos, reporting to Lesley Carhart. When my team isn't responding to industrial incidents, we perform OT network architecture review assessments, threat hunts, and tabletop exercises for a range of utilities and industrial clients. Prior to Dragos, I worked as a cybersecurity specialist on a presidential transition team, a security incident manager at a large healthcare technology company, and a Python software developer.
Miriam Lorbert
Miriam Lorbert is a Senior Industrial Consultant at the industrial cybersecurity company Dragos, Inc. where she assists the professional services teams in conducting network and vulnerability assessments. Prior to joining Dragos, Miriam started her career as an Instrumentation Electrical Engineer and then developed into the Control Systems and Network Security position at Chalmette Refining in New Orleans, LA. Her work at the refinery inspired her to make a career shift and focus entirely on a Cybersecurity Engineering role with GE and pursue her Masters degree. Miriam enjoys exploring different cities by way of food, spending time with family, Formula One, and puzzles.
12:00 pm - 1:00 pm
Understanding Modbus TCP and the GRACE Console [[Maritime]]
Dave Burke
Prior to joining Fathom5, Dr. Burke spent 10 years working at various positions within the government. From acting as the Program Executive Officer for NAVAIR to becoming a chairman of the NATO UAS and then the Director of Cyber Warfare Detachment, Dr. Burke has mastered the focus and understanding of cybersecurity. In the summer of 2019, Dr. Burke left government service to join Fathom5 as their chief engineer where he directs the development of novel approaches to embedded system DEVOPS and cybersecurity. He holds three bachelor’s degrees in electrical engineering, computer engineering, and computer science from North Carolina State University, a master’s degree in computer engineering, and a Ph.D. in aerospace engineering.
1:00 pm - 2:00 pm
The USCG's Maritime Cybersecurity Strategy [[maritime]]
RADM John Mauger
Rear Admiral Mauger assumed the duties of Commander, First Coast Guard District in May 2022. He oversees all Coast Guard missions across eight states in the Northeast including over 2,000 miles of coastline from the U.S.-Canadian border to northern New Jersey and 1300 miles offshore. Rear Admiral Mauger previously served as the Assistant Commandant for Prevention Policy, responsible for the development of national policy, standards, and programs promoting Marine Safety, Security and Environmental Stewardship.
2:00 pm - 3:00 pm
Exposing aberrant network behaviors within ICS environments using a Raspberry Pi
Mike Raggo
Michael T. Raggo has over 20 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. His research has been highlighted on television’s CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is the author of Mobile Data Loss: Threats & Countermeasures and Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols for Syngress Books co-authored with Chet Hosmer, and is a contributing author to Information Security the Complete Reference 2nd Edition. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; is a former participating member of FSISAC/BITS and PCI Council, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
Chet Hosmer
Chet serves as a Professor of Practice at the University of Arizona in the Cyber Operations program where he is teaching and researching the application of Python and Machine Learning to advance cybersecurity challenges. Chet is also the Founder of Python Forensics, Inc. which is focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages. Chet has been researching and developing technology and training surrounding forensics, digital investigation, and steganography for decades. He has made numerous appearances to discuss emerging cyber threats including National Public Radio's Kojo Nnamdi show, ABC's Primetime Thursday, and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cybersecurity and forensics with Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine.
3:00 pm - 3:30 pm
Wind Energy Cybersecurity: Novel Environments facing Increased Threats
Meg Egan
Meg Egan is a Control Systems Cybersecurity Analyst at Idaho National Lab's Cybercore Integration Center where she supports INL's Consequence-driven, Cyber-informed Engineering portfolio, serves as lead analyst for the ICS Situation Threat Awareness Team, and works on programs for a variety of U.S. Government customers. She is also currently pursing a Masters of Cyber Operations and Resilience from Boise State University and has degrees in International Affairs from Penn State University.
3:30 pm - 4:00 pm
Power Flow 101 for hackers and analysts
Stefan Stephenson-Moe
Stefan started his career working in the Power Industry, for a major Power company that was based in the South. He is a mechanical engineer by training but ended up working in infosec. He helped stand up the first SOC at a major utility and was one of its first four members. He has both red and blue experience working as a security engineer at a major bank as well as a penetration tester for Coalfire. He currently works for Splunk helping people understand how all data can be securitydata. He is a strong believer in the idea that you can't protect what you don't understand, and right now most analysts don't understand the physics behind the systems they're protecting.
4:00 pm - 5:00 pm
Research and Deliverables on Utilizing an Academic Hub and Spoke Model to Create a National Network of ICS Institutes
Casey O'Brien
Casey W. O'Brien is the Assistant Director for Cyber Defense Education and Training with the Information Trust Institute in The Grainger College of Engineering at the University of Illinois Urbana-Champaign. Casey has more than 25 years of large-scale information security and IT engineering, implementation, and management experience in challenging and cutting-edge public and private sector environments. Casey is the Technical Editor of five textbooks: Ethical Hacking & Systems Defense, Linux Server Fundamentals, Information Security Fundamentals, Introduction to Scripting, and Networking Fundamentals.
5:00 pm - 5:30 pm
Why aren’t you automating?
Don C. Weber
Marine, Hacker, Breaker of Things
5:30 pm - 6:00 pm
Stop worrying about Nation-States and Zero-Days; let's fix things that have been known for years!
Vivek Ponnada
Vivek Ponnada is an OT practitioner with global (14 countries) experience and currently works at Nozomi Networks as a Regional Sales Director. Having started his career in ICS as an Instrumentation Technician, Vivek became a Controls Engineer and commissioned Gas Turbine Controls systems in Europe, Middle-East, Africa and South-East Asia. Throughout his career, Vivek held multiple roles including Sales, Marketing & Business Development and Services covering Control systems & Cybersecurity solutions for Critical Infrastructure (Power, Oil & Gas, Water, Mining etc.) industries at GE and ICI Electrical Engineering in North America. He is the co-lead for the Top 20 Secure PLC Coding Practices Project and his recent talks/contributions include S4x22, Gartner Risk Summit, GRIMMCon 0x7, BSides Vancouver and many others. Vivek has a Bachelors Degree in Electrical Engineering from I.E. India, MBA from The University of Texas at Austin and GICSP certification from GIAC. He is an active member of the Infosec community as a Board Member for Mainland Advanced Research Society (Vancouver, BC), member of the ISA and also a Volunteer for ISACA.
10:00 am - 11:00 pm
Industry 4.0 and the MTS of the Future – Convergence, Challenges and Opportunities [[MARITIME]]
Zac Staples
Zac Staples is the Founder and CEO of Fathom5, an emerging global leader in industrial technology headquartered in Austin, Texas. Before launching Fathom5, Zac served in the U.S. Navy for over two decades, culminating a long career of shipboard service as Director of the Center for Cyber Warfare at the Naval Postgraduate School in Monterey, California. He brings a lifelong focus on mission-critical systems and high reliability under extreme conditions.
11:00 am - 11:30 am
Describing Maritime Cyber work roles Using the NICE Framework
Tyson B. Meadors
LCDR Tyson B. Meadors is a Navy Cyber Warfare Engineer currently assigned to Cryptologic Warfare Activity SIXTY SEVEN. He previously served both afloat and ashore as a Surface Warfare Officer and Naval Intelligence Officer. From 2017-2018, he was a Director of Cyber Policy on the National Security Council Staff, where he advised the President, Vice President, and multiple National Security Advisors on cyber operations policy, technology, and threats and helped draft multiple national-level strategies and policies. Prior to commissioning from the US Naval Academy, worked as a journalist and taught English in the People’s Republic of China. He is the only naval officer to ever defeat a guided missile destroyer in a real-world engagement and is also the founder and CEO of Ex Mare Cyber, a cybersecurity consultancy.
11:30 am - 12:00 pm
Taking MITRE ATT&CK for ICS to Sea
Tyson B. Meadors
LCDR Tyson B. Meadors is a Navy Cyber Warfare Engineer currently assigned to Cryptologic Warfare Activity SIXTY SEVEN. He previously served both afloat and ashore as a Surface Warfare Officer and Naval Intelligence Officer. From 2017-2018, he was a Director of Cyber Policy on the National Security Council Staff, where he advised the President, Vice President, and multiple National Security Advisors on cyber operations policy, technology, and threats and helped draft multiple national-level strategies and policies. Prior to commissioning from the US Naval Academy, worked as a journalist and taught English in the People’s Republic of China. He is the only naval officer to ever defeat a guided missile destroyer in a real-world engagement and is also the founder and CEO of Ex Mare Cyber, a cybersecurity consultancy.
12:00 am - 1:00 pm
Understanding AIS Protocols and the GRACE Console [[Maritime]]
Gary Kessler
Fathom5 will be hosting a number of Grace Maritime Cyber Testbed consoles at the ICS Village to support the SeaTF activity. This "lunchtime tutorial" will discuss the protocols associated with the Automatic Identification System (AIS), the widely-used maritime situational awareness system and part of the Grace Navigation console. This mini-tutorial will describe the AIS protocol and transmission format used between vessels using radio transmission.
1:30 pm - 2:00 pm
Cyber Physical Lab Environment for Maritime Cyber Security
Wesley Andrews
I have Masters in Electronics Engineering and have many years of professional and personal experience with electronics engineering and product development. I currently work as an industrial research associate and the lead engineer for the Cyber-SHIP lab at the University of Plymouth, I also have some experience within cyber security and an interest in aerospace engineering and physics.
2:00 pm - 3:00 pm
Keeping Beer Cold: Attackers, ICS and Cross-Sector Defense
John Bryk
Cyber and Physical Threat Intelligence Analyst at Downstream Natural Gas ISAC
Jaquar Harris
Director of Intelligence Services at Global Resilience Federation
Tim Chase
Program Director at Manufacturing ISAC
2:00 pm - 3:00 pm
The Perfect Storm: Deception, Manipulation, and Obfuscation on the High Seas
Rae Baker
Rae Baker is a Senior OSINT Analyst for a large consulting firm with a personal interest in maritime OSINT. Additionally, she an OSINT Curious Executive Board member, Trace Labs DEFCON29 Black Badge & MVO winner, and Wiley Tech Author.
4:00 pm - 5:00 pm
The Geopolitical Implications of the Escalation and Weaponization of GPS and AIS Spoofing [[MARITIME]]
Gary Kessler
Gary Kessler, Ph.D., CISSP, is a principal consultant at Fathom5 and president of Gary Kessler Associates (Ormond Beach, Florida), a consulting, research, and training company specializing in maritime cybersecurity, digital forensics, and network protocols. He is co-author of Maritime Cybersecurity: A Guide for Leaders and Managers, 2nd ed. (2022), a Non-Resident Senior Fellow at the Atlantic Council, and a retired professor of cybersecurity. Gary has been involved in the information security field since the late-1970s; his latest research efforts have been related to AIS security. He is a member of the U.S. Coast Guard Auxiliary, where he holds a national-level cybersecurity office, is active in National Marine Electronics Associates (NMEA) standards development, is a SCUBA instructor, and holds a 50 GT merchant mariner credential. More information can be found at https://www.garykessler.net.
Tyson B. Meadors
Tyson B. Meadors is the founder and CEO of Ex Mare Cyber, LLC, a consultancy focused on the cybersecurity and resiliency of industrial and transportation systems. Heralded as "America's Top Cybersecurity Strategist" by former National Security Advisor H.R. McMaster, he served as Director for Cyber Policy on the National Security Council Staff from 2017-2018, advising the President, Vice President, and multiple National Security Advisors and was the lead author of the 2018 U.S. Cybersecurity Strategy and key contributor to a range of Executive Branch strategies and policies. A U.S. Navy officer with nearly two decades of service afloat and ashore, he is certified and experienced practitioner in a range of cybersecurity disciplines, to include incident response, forensics, penetration testing, vulnerability analysis, cyber-physical security engineering, assessment, and auditing. He also currently serves on the Editorial Board of the U.S. Naval Institute. An award-winning essayist and innovator, he has written on cybersecurity, intelligence, military ethics, and education, and has degrees and certifications from a range of institutions, to include the U.S. Naval Academy, the North China Institute of Science and Technology (华北科技学院), the U.S. Naval War College, Old Dominion University, and the Escal Institute of Advanced Technologies (SANS).
Dr. Diane Maye Zorri
Dr. Diane Maye Zorri is an associate professor of security studies at Embry-Riddle Aeronautical University and serves as a nonresident senior fellow for Joint Special Operations University. Prior to Embry-Riddle, Diane was a visiting assistant professor at John Cabot University in Rome, Italy. She writes and does research on issues that involve governance, U.S. defense policy, and cybersecurity. Diane started her career as an officer in the U.S. Air Force and later worked in the defense industry. During the Iraq War, she worked for Multi-National Force – Iraq in Baghdad, managing over four hundred bilingual, bicultural advisors to the U.S. Department of State and the U.S. Department of Defense. She is a graduate of the U.S. Air Force Academy, the Naval Postgraduate School, and George Mason University.
5:00 pm - 6:00 pm
Thrice Is Nice: Evaluating the Ukrainian Power Events from BlackEnergy to Industroyer2
Joe Slowik
Joe Slowik has over 10 years experience across multiple information security and cyber domains. Starting with the US Navy and the US Department of Energy, Joe has since performed extensive threat intelligence research at Dragos and DomainTools. Joe currently leads Threat Intelligence and Detection Engineering operations at Gigamon, while continuing involvement through training and consulting via Paralus LLC.
10:00 am - 11:00 am
Tales from the trenches - why organizations struggle to get even the basics of OT asset visibility & detection right.
Vivek Ponnada
Vivek Ponnada is an OT practitioner with global (14 countries) experience and currently works at Nozomi Networks as a Regional Sales Director. Having started his career in ICS as an Instrumentation Technician, Vivek became a Controls Engineer and commissioned Gas Turbine Controls systems in Europe, Middle-East, Africa and South-East Asia. Throughout his career, Vivek held multiple roles including Sales, Marketing & Business Development and Services covering Control systems & Cybersecurity solutions for Critical Infrastructure (Power, Oil & Gas, Water, Mining etc.) industries at GE and ICI Electrical Engineering in North America. He is the co-lead for the Top 20 Secure PLC Coding Practices Project and his recent talks/contributions include S4x22, Gartner Risk Summit, GRIMMCon 0x7, BSides Vancouver and many others. Vivek has a Bachelors Degree in Electrical Engineering from I.E. India, MBA from The University of Texas at Austin and GICSP certification from GIAC. He is an active member of the Infosec community as a Board Member for Mainland Advanced Research Society (Vancouver, BC), member of the ISA and also a Volunteer for ISACA.
11:00 am - 12:00 am
kapOT: Revisiting a decade of OT insecure-by-design practices
Jos Wetzels
Jos Wetzels is a security researcher at Forescout specializing in embedded systems security. His research has involved reverse-engineering, vulnerability research and exploit development across various domains ranging from industrial and automotive systems to IoT, networking equipment and deeply embedded SoCs. He previously worked as a researcher at the Distributed and Embedded Security group (DIES) at the University of Twente (UT) in the Netherlands where he developed exploit mitigation solutions for constrained Industrial Control Systems (ICS) devices used in critical infrastructure, performed security analyses of state-of-the-art network and host-based intrusion detection systems and has been involved in research projects regarding on-the-fly detection and containment of unknown malware and Advanced Persistent Threats.
12:00 pm - 1:00 pm
Understanding CAN Bus and the GRACE Console [[Maritime]]
Dave Burke
Prior to joining Fathom5, Dr. Burke spent 10 years working at various positions within the government. From acting as the Program Executive Officer for NAVAIR to becoming a chairman of the NATO UAS and then the Director of Cyber Warfare Detachment, Dr. Burke has mastered the focus and understanding of cybersecurity. In the summer of 2019, Dr. Burke left government service to join Fathom5 as their chief engineer where he directs the development of novel approaches to embedded system DEVOPS and cybersecurity. He holds three bachelor’s degrees in electrical engineering, computer engineering, and computer science from North Carolina State University, a master’s degree in computer engineering, and a Ph.D. in aerospace engineering.
1:00 pm - 2:00 pm
Spear Vishing, VoIP Poisoning, and Hostile SBCs: Weaponizing Voice
Travis Juhr
Navy and Coast Guard Rescue Swimmer turned Paramedic and then Networking, Security, Systems, and Unified Comms Engineering. I have been conducting research and development on secure voice and network hardening practices in merging ICS, PSTN, and modern IP networks
2:00 pm - 2:30 pm
Navigating the High Seas When Dealing with Cybersecurity Attack
Daniel Garrie
Daniel has been a dominant voice in the computer forensic and cybersecurity space for the past 20 years, as an attorney and technologist. As Co-Founder of Law & Forensics LLC, where he heads the Computer Forensics and Cybersecurity teams, he has built the business to be one of the leading boutique cybersecurity forensic engineering firms in the industry. In addition to his role at Law & Forensics, Daniel is a mediator, arbitrator, and e-discovery special master for JAMS, an Adjunct Faculty member at Harvard teaching graduate-level focusing on Cybersecurity Law, and is the CISO at Zeichner, Ellman & Krause LLP. He has both a Bachelor’s and a Master’s degree in computer science from Brandeis University, as well as a J.D. from Rutgers Law School. Daniel has led cyber and forensic teams in some of the most visible and sensitive cyber incidents in the United States as well as globally. In addition, he has been awarded several patents for advanced cybersecurity and forensic platforms built with his team that are currently used in the industry, Forensic Scan.