Virtual Meeting Series

All members can replay each Virtual Meeting.

(CS)2AI “Virtual Meeting” Series Discussion Plan

For the benefit of all of its global members, (CS)2AI is proud to offer a 12-part (monthly) 1½ hour “virtual meeting” series on cyber security for control systems. Participation in this first series will not by itself help a member reach a level of mastery, but it will serve as a solid foundation to provide the broadest understanding of all the pieces and parts that go into the cyber security considerations for any control system.

These sessions are conceived and constructed as building blocks intended to enable sequential learning (e.g. industry terminology will not be re-defined once introduced) and modular skills building. They will also be recorded so that members unable to attend one or several modules will be able to catch up out of cycle.


Earn 2 CPE Credits When You Attend

Are you a CISSP, CISM, or CISA certification holder?
Earn 1-2 continuing professional education credits (CPEs) for each Virtual Meeting 


The Virtual Meeting Series Summary

January 25, 2018 (10am EST)

Introduction to Control Systems

Virtual Meeting Summary:
What is considered a Control System, and what are its fundamental characteristics? What is Operational Technology (OT), SCADA, Building Automation Systems (BAS)....

Virtual Meeting Organizers

Derek Harp

Martin Noufer

Discussion Leader: Dr. Michael Chipley

Dr. Chipley is the President of The PMC Group LLC and has been a cybersecurity subject matter expert supporting government and private sector clients as an independent consultant since 2006. He is a retired Air Force Civil Engineering officer and continues working with the Department of Defense developing cybersecurity policy, standards and guidelines for Facility-Related Control Systems, and assists project teams through the Risk Management Framework process. In addition to his activities with control systems, he is also deeply engaged with IT cloud services. He has taken private sector clients through the FedRAMP authorization process and currently has 5 active cloud authorizations and a sixth in final stage of approval. He is working with several control system vendors to implement cloud based solutions such as Lighting as a Service. He is the author and special contributor to numerous DHS, NIST and professional society publications, the creator and maintainer of the Whole Building Design Guide Cybersecurity website, and the creator and instructor of numerous cybersecuring control system workshops.

Discussion Leader: Billy Rios

Billy is the founder of Whitescope LLC, a startup focused on embedded device security. Billy is recognized as one of the world’s most respected experts on emerging threats related to Industrial Control Systems (ICS), Critical Infrastructure (CI), and medical devices. He discovered thousands of security vulnerabilities in hardware and software supporting ICS and critical infrastructure. Billy has worked at Google where he led the front line response for externally reported security issues and incidents. Prior to Google, Billy was the Security Program Manager at Internet Explorer (Microsoft).

Discussion Leader: Larry Grate

Mr. Grate is an experienced Director of Technology with a demonstrated history working in the industrial automation industry. His skills include: process control, control systems design, SCADA, HMIs, network convergence and OT cyber security. With 30+ years of experience and a bachelor’s in electrical engineering from Mercer University, Mr. Grate is a strong engineering professional.

February 22, 2018

Inside the Control System – Components, Processes, and Automation

Virtual Meeting Summary:
This session covers hardware, software, systems, information flow and operations unique to these environments (to include PLCs, HMIs, Historians, Field Devices, Controller devices...

Virtual Meeting Organizers

Derek Harp

Martin Noufer

Discussion Leader: Bryan Singer

Bryan has an extensive background in a variety of industries including manufacturing, DoD, healthcare, and others. His proven professional skills include system architecture and design, software project management, application development, system administration, network administration, database design and administration, and multi-tier support. Previously he was the chairman of ISA-62443/ISA-99 Industrial Control Systems Security Standards body; Interim Governing Board, for the Process Control Security Forum; and an industry representative for security architecture concerns to almost every major manufacturing, utilities, and other critical infrastructure. His specialties are: 1) System Architecture and Design using methodologies including UML, Rational Unified Process, Booch, Yourdon, etc.; 2) MES, EAI, ERP, LIMS, PLC, DCS, HMI, and other manufacturing systems; 3) Client/Server development in Java, JSP, ASP, C/C++, Visual C++, VB, PERL, Shell (ksh, csh, sh, bash), SQL, PL/SQL, and HTML; 4) Physical and network vulnerability assessments, penetration testing, information assurance, and biometrics; and 5) PGP, SSH, VPN, WEP, SSL, WAP, 802.1x, RADIUS, etc.

Discussion Leader: Emmett Moore

Emmett is the founder and CEO of Red Trident Inc. Over the years, he has focused on Threat Intelligence, Vulnerability Research, and Security Services. He has been responsible for all aspects of the product development life cycle in the Oil & Gas Industry. As a project specialist he handled a multitude of roles, which included managing high level automation projects for the oil and gas industry, as well as being a technical specialist on various other projects.

March 29, 2018

What is Unique About a Control Systems Network?

Virtual Meeting Summary:
This session will profile some of the strengths (yes there are some), weaknesses, opportunities and threats unique to the networks found in control system...

Virtual Meeting Organizers

Derek Harp

Martin Noufer

Discussion Leader: Stuart Phillips

Mr. Phillips has over 25 years of experience in cybersecurity, networking, and unified communications. He has held leadership positions in sales, marketing, and product/program management for some of the largest vendors (Cisco, Polycom, and Avaya). Stuart has extensive experience with end users in the military, government and financial markets worldwide, covering all aspects of security. He completed his B.S. in Computer Science in California. After joining Cisco he held positions of leadership in IOS Engineering and then managed Cisco security marketing for the Asia Pacific while completing his MBA in Singapore. Later he founded and ran a subcontractor, Santa Barbara Labs (SBL), for the U.S. Air Force through Lockheed Martin. SBL program managed a high-security lab for developing software models to optimize secure communications over highly degraded military satellite networks. At Unisys, Stuart is focused on security technologies adoption and transition in the industrial Internet of things. He is based in Thornton, Colorado.

Discussion Leader: Kevin Van Der Veen

Kevin brings expertise in Architecture, Design, and Implementation of robust and secure Process Control Networks. He has over 20 years’ experience in network engineering, of which 11 years have been in Oil and Gas and 7 in Cybersecurity. He brings the following relevant experience:

- Network/Security Architect for Shell Downstream Global Process Control Domain (PDC) SecurePlant Cyber Security Project
- Network/Security Engineer for PDC Secure Plant Cyber Security Project for Asia Pacific Region
- Provide onsite and remote technical and risk/gap assessments. Integrate network and security solutions for Upstream and Downstream environments
- Define and implement global network architecture security standards
- Perform technical assessments including site maturity, review and compliance for: network and firewall architecture, access control, portable media, operating system security patching, event log management, anti-virus, backup & restore
- Communication analysis for multiple systems such as: 3rd Party, Internet-Based services, OPC/PI collectors/nodes, HMIs, Safety and Engineering Workstations, SCADA, DCS controllers, PLCs and RTUs
- Create designs for integration of security solutions at existing assets

April 26, 2018

The Control Systems Ecosystem – Suppliers

Virtual Meeting Summary:
This session will go into who all the players in this ecosystem are. Examples are: OEMs, suppliers, vendors, integrators, key consultants and their....

Virtual Meeting Organizers

Derek Harp

Martin Noufer

Discussion Leader: Cherise Esparza-Gutierrez

Cherise Esparza-Gutierrez is the co-founder & CTO at SecurityGate and an industry pioneer for implementation of Achilles Practice Certification PCD/ICS offshore technology cyber security for rig fleet. She is an innovative IT/ICS operations professional with 11+ years’ experience of managing IT & ICS network infrastructures, OT/PCD/ICS/IT cyber security based on (WIB/IEC 62443; NIST 800-53, ISO2700(1&2)), and operational risk management within the corporate & ICS network environments. She specializes in cyber security, enterprise telecommunications, network engineering design, ICS/SCADA/OT security, IT risk management, and Incident Response.

Discussion Leader: Graham Speake

Graham Speake, the CISO at Berkana Resources Corporation, is a senior cyber security professional with broad experience leading global Operational Technology (OT) and Information Technology (IT) cybersecurity programs for the protection of mission critical systems and infrastructure. He has established expertise in developing and delivering security and security awareness training courses and subject-matter experience in Industrial Control Systems (ICS) & SCADA cybersecurity, particularly in oil and gas majors. He has managed risk on numerous large capital value projects and architected global solutions for Oil & Gas and Industrial Automation customers. He is a frequent presenter and panelist at security and industry events and has extensive experience designing and developing real time automation systems, with in-depth knowledge of industry security frameworks and best practices such as ISA-99/IEC-62443 and NIST 800-82. Graham is an active member of ISA-99 standards development programs.

Discussion Leader: Rob Garry

Rob Garry, VP Product Cyber Security at GE, is an experienced Chief Executive with a demonstrated history of working in the oil & energy industry. Skilled in Power Plants, Root Cause Analysis, Power Systems, Renewable Energy, and Engineering. Strong finance professional with a BS focused in Electrical Engineering from Union College.

May 31, 2018

The Control Systems Ecosystem – Asset Owners

Virtual Meeting Summary:
This session will go into who are all the end-user participants in this ecosystem, with a few views into some specific systems.  We will identify...

Virtual Meeting Organizers

Derek R. Harp

Bengt Gregory-Brown

Discussion Leader: Steve Mustard

Steve Mustard is an independent automation consultant and subject-matter expert of the International Society of Automation (ISA) and its umbrella association, the Automation Federation. He also is an ISA Executive Board member. Backed by nearly 30 years of software development experience, Mustard specializes in the development and management of real-time embedded equipment and automation systems, and the integration of real-time processing, decision-support and other disparate systems to improve business processes. He serves as president of National Automation, Inc.

Mustard is a recognized authority on industrial cybersecurity, having developed and delivered cybersecurity management systems, procedures, training and guidance to multiple critical infrastructure organizations. He serves as the Chair of the Automation Federation's Cybersecurity Committee. Mustard is a licensed Professional Engineer, UK registered Chartered Engineer, a European registered Eur Ing, an ISA Certified Automation Professional® (CAP®) and a certified Global Industrial Cybersecurity Professional (GICSP). He also is a Fellow in the Institution of Engineering and Technology (IET) and a Senior Member of ISA.

Discussion Leader: Paul Piotrowski

Paul Piotrowski is currently an Automation Engineer in Shell’s Global PCD Integrity Organization (Process Control Domain). Paul consults globally on PCD Security issues for large global capital projects for all Shell Operating Assets. He has spent over 16 years in Shell in various security roles including network operations, risk governance and compliance, audit, incident management, forensics and project management. He has travelled extensively for Shell, allowing him the opportunity to work across a diverse set of cultures and landscapes which have shaped his view of the world.

Paul possesses the valuable hybrid skill set of Operations Technology (OT) and Information Technology (IT). Through visiting and working at over 50 Shell assets globally he understands how to embed practical solutions between “operations” and “corporate IT” that reduce an organization's cyber security risk while minimizing operational impact. Paul is in the process of becoming a certified SANS ICS Security Instructor for the GICSP course.

He holds a B.Sc. degree in Computer Science with a minor in management. He holds several certifications including the GICSP (Global Industrial Cyber Security Professional) and CISSP. In addition, he has participated in several executive development programmes. He is based out of Calgary, Canada.

June 28, 2018 (10:00am EST)

Keys to an Effective Control System Security Program

Virtual Meeting Summary:
This session will identify each of the key areas that enable organizations to run effective control systems security programs.  Key to this will be...

Virtual Meeting Organizers

Najo Ifield

Bengt Gregory-Brown

Discussion Leader: Mille Gandelsman

Mille leads Indegy’s technology research and product management activities. Prior to Indegy, Mille led engineering efforts for Stratoscale and spent several years leading cyber security research for Israel’s elite intelligence corps. Mille is a graduate of the elite Talpiot military academy and holds a Master’s degree with honors in Computer Science from Tel Aviv University.

Discussion Leader: Ernest Wohnig

Mr. Wohnig is an internationally recognized cyber security and assurance leader having written, presented, and advised senior corporate and federal leadership on security and assurance issues across the energy sector and to the federal government for over 20 years. Mr. Wohnig has advised clients across several industries, helping them understand their risk posture and to develop proactive security strategies and programs resulting in clear alignment of security investments to business value. Mr. Wohnig is one of the key figures shaping the discussion and practice of cyber security in the critical infrastructure and industrial control system arenas.

Prior to joining the private sector, Mr. Wohnig served as an Air Force Intelligence Officer and worked as a Network Security Analyst for the Defense Intelligence Agency (DIA). During his tenure at DIA he authored principal portions of National Intelligence Estimates and IC position papers on cyber and security threats to critical infrastructure systems. Mr. Wohnig also briefed senior federal leaders in the Senate, State Department, and Joint Staff regarding cyber threats to the U.S. military and civilian infrastructure and was responsible for DIA coordination and leadership of community assessments related to East Asia. For his efforts during this time, Mr. Wohnig was awarded a National Intelligence Council Medallion.

Discussion Leader: Robert Bevis

Bob is the founder of Verve Industrial and leads the technical vision for the company. With over 25 years of cyber security, ICS system design, and project management, Bob’s unique ability to understand cyber security requirements (including NERC-CIP) in an operating environment enables scalable, cost effective and efficient security solutions.

Discussion Leader: Karl Perman

Karl is the Operational Technology Security Lead in KPMG’s Risk Consulting practice with over 30 years of experience delivering critical infrastructure, business protection, compliance, risk management and law enforcement consulting services. He has developed and implemented critical infrastructure protection programs, developed security technology infrastructure to protect assets, created vulnerability assessments in diverse environments, established organizational strategies and value-added security programs, and led high-level, complex investigations of criminal conduct and employee misconduct. His career includes senior level positions including Director of Security, North American Transmission Forum; Manager, Infrastructure Protection and Regulatory Compliance at Exelon Corporation; and Manager, Corporate Investigative and Protective Services at Southern California Edison.

July 26, 2018 (10:00am EST)

The Control Systems Security Workforce Challenges

Virtual Meeting Summary:
This session will dig into the control system or operating technology (OT) Cyber-security Workforce development challenges...

Virtual Meeting Organizers

Derek R. Harp

Bengt Gregory-Brown

Discussion Leader: Samara Moore

Samara focuses on partnering across the enterprise to manage cyber and physical security and compliance risks. She joined Exelon after 10 years in the federal government. Moore was previously a National Security Staff member at the White House, responsible for the NIST Cybersecurity Framework development. Prior to the White House, Samara co-led the development of the U.S. Department of Energy’s Cybersecurity Capability Maturity Model for power system utilities.

Discussion Leader: Rebekah Mohr

Rebekah Mohr is a Security Manager for Accenture, specializing in Industrial Control Systems (ICS) Security. She provides clients with services such as defining a company-wide ICS Security Program, conducting ICS Security gap assessment or risk modeling workshops, and providing materials and tools to close ICS Security gaps, complete ICS Security Remediation Programs and conduct ICS Security Run & Maintain Assurance.

Rebekah brings experience gained from 6 years working with Shell, where she was responsible for ICS Security at a Refinery, and later joined the global ICS Security Team as a Regional Technical Expert. During her time with the global team, she developed an ICS Security Risk Model, which was the first of its kind in the industry, and she designed a global ICS Security Remediation Program.

Rebekah has a Bachelor of Science degree in Math, Statistics and Computer Science from McGill University and a Master of Science degree in Statistics from University of British Columbia. Rebekah has been awarded a Young Women in Energy and SANS “People who Made a Difference in Cyber Security” Award. Rebekah is driven to contribute as a thought leader within this space and to make a difference for the next generation of women in the technical workforce.

Discussion Leader: Andy Bochman

Mr. Bochman provides strategic guidance to senior USG and industry leaders on topics at the intersection of grid and critical infrastructure modernization and security. A frequent speaker, writer and standards developer, Andy has provided analysis on energy sector security actions, standards and gaps to DOE, DOD, DHS, FERC, NERC, NIST, NARUC, the Electricity Subsector Coordinating Council (ESCC), and state utility commissions, most recently testifying before the Senate Energy and Natural Resources Committee on energy infrastructure cybersecurity issues. He previously was Global Energy & Utilities Security Lead at IBM and Senior Adviser at the Chertoff Group in Washington, DC.

Andy is currently researching a book on applying engineering fundamentals to critical infrastructure cyber challenges. His recent publications include: “The National Security Case for Simplicity in Energy Infrastructure” (CSIS, 2015), “IoT, Automation, Autonomy and Megacities in 2025: A Dark Preview” (CSIS, 2017), “The Missing Chief Security Officer” (CXO, 2018) and “Internet Insecurity: the Brutal Truth” (HBR, 2018).

August 30, 2018 (10:00am EST)

Control Systems Security – What is the Offense Doing?

Virtual Meeting Summary:
In order to do well at cyber defense, it can be very helpful to see yourself and your org from the attackers’ point of view. This session...

Virtual Meeting Organizers

Derek R. Harp

Bengt Gregory-Brown

Discussion Leader: Clint Bodungen

Clint has over 20 years of experience as a Cybersecurity Researcher, Risk Analyst, Penetration Tester, and Developer (12+ years specialized in ICS/SCADA Cybersecurity), covering every facet of a cybersecurity project/program and SDLC, from advanced technical development to management. As vice-president of ICS Cyber Security at Leo Cyber Security, he is responsible for building a world-class ICS Cyber Security business practice, directing the vision and philosophy of the practice, establishing great strategic partnerships and relationships, identifying technological and strategic opportunities, and hiring the most skilled and experienced staff in the industry.

Discussion Leader: Jim Gilsin

Trained as an electrical engineer specialized in controls, Jim has spent most of his career involved with computers and networking, focusing on industrial network cyber security and reliability. For the past fifteen years he's been working to develop better ways to measure industrial Ethernet performance and to determine how that performance affects the overall system robustness and reliability. Jim has also been involved in developing standards for ICS cyber security through ISA99. Mr. Gilsin is currently the co-chair of the ISA99 committee and ISA99 working group 2, developing end-user cyber security program requirements. He has been with Kenexis Consulting since 2012, putting both of these skillsets into practice helping to assess, design, and validate ICS in various industries.

Discussion Leader: Matthew Luallen

Matt Luallen is a well-respected professional with a unique background encompassing several facets of information assurance and content delivery systems surrounding business logic. Currently the founding Executive Inventor of Cybati, a critical infrastructure and control system cybersecurity education company, Mr. Luallen also served as President and Principal Consultant of Sph3r3. LLC. Prior to incorporating Sph3r3, Mr. Luallen provided strategic guidance for Argonne National Laboratory, U.S. Department of Energy, within the Information Architecture and Cyber Security Program Office. He has extensive consulting experience within the governmental and commercial sectors including a multi-client base of corporations, financial institutions and healthcare organizations.

Mr. Luallen also is an instructor for DePaul University, the SANS Institute, Global Knowledge and has been asked to speak at many national conventions such as RSA, NetSec, and InfoSec. He continues to advance his instructional leadership in the areas of digital infrastructure architecture, security policy implementation, intrusion prevention, digital forensics analysis and system sanitization, business continuity and disaster recovery planning, formalized information assurance policy, and secure web transactional architecture.

Over the past few years Mr. Luallen has served in an advisory or consulting capacity on information architecture as well as security and computer crime with several U.S. government agencies, commercial entities and their contractors, including the National Science Foundation, FBI InfraGard Program and the National Institute of Standards and Technology. Mr. Luallen also serves on the CompTIA Security+ cornerstone committee and as a member of the Council of General Advisors at the Gerson Lehrman Group.

September 27, 2018 (10:00am EST)

Control Systems Security – How do we Best Defend Them?

Virtual Meeting Summary:
In order to do well at cyber defense, it can be very helpful to see yourself and your org from other defenders’ points of view. This session will focus...

Virtual Meeting Organizers

Derek R. Harp

Bengt Gregory-Brown

Discussion Leader: Barak Perelman - Indegy

Before founding Indegy, Perelman led several multi-million dollar cyber security projects at the IDF and received commendation for this service and achievements. He is a graduate of the elite Talpiot military academy and has over 15 years of hands-on experience in cybersecurity and protection of critical infrastructures. Perelman holds a B.Sc. in computer science, physics and math, and an MBA from Tel Aviv University.

Discussion Leader: Paul Forney - Schneider Electric

Mr. Forney is a founding board member of the ISA Security Compliance Institute (ISCI) which develops the conformance specifications to the ISA 99/IEC 62443 ICS cyber security standard and has held the Co-chair position for the Research and Development Sub-group of the Department of Homeland Security Industrial Control System Joint Working Group. He has been an advisor to the White House Cyber Security Office, the Department of Justice, the Department of Energy and FERC.

Paul is also a primary contributor in the ISA99 WG4 TG6 committee working on the IEC 62443-4-1 worldwide standard for secure development in industrial automation (now approved by ISA and IEC). He has been a guest speaker on the subject of the Security Development Lifecycle and incident response in industrial control and cyber physical systems at national and international conferences for Microsoft, Gartner, SANS, ICSJWG, AFPM, API, RCMP, S4 and Public Safety Canada. Paul works closely with the ICS-CERT organization on ICS cyber vulnerabilities and also with cyber researchers around the globe.

Mr. Forney has been awarded eleven patents in areas such as failure prediction for upstream Oil and Gas, grid balancing for Power and Internet/intranet portal technologies; and for twenty-seven years, has been involved in the design, security and implementation of SCADA, Event Driven/Service Oriented Architecture (EDA/SOA) and distributed control software and systems for industrial automation.

Paul is an active member of the Azure Advisory Board for Azure Active Directory and Azure Service Bus and has served on the Board of Advisors for Cylance, Inc., one of the fastest growing and innovative cyber security companies in the world. He is a certified Information Systems Security Professional (CISSP), a certified Information Systems Security Architect Professional (ISSAP), a certified Secure Software Lifecycle Professional (CSSLP) and an accomplished jazz musician.

Discussion Leader: Ayman Al-Issa

Ayman is a globally recognized leader in the field of cyber security for industrial automation and control systems. Working within the fields of IT and OT Cyber Security for over thirteen years, he has architected and implemented award-winning innovative technologies for Oil and Gas producers in the Middle East, developing cyber security designs from FEED to EPC by following the “Cyber Security by Design” methodology. He has also been acknowledged by global forums and is an information contributor to the ISA99/IEC62443 standard.

October 25, 2018 (10:00am EST)

Industry Regulations and Standards – Now and Emerging

Virtual Meeting Summary:
This session will introduce key aspects of both regulations and standards across multiple industries and regions of the world. We will cover historical...

Discussion Leader: Chris Humphreys - Cybersecurity, Technology, and Regulatory Synergist CEO/Founder at The Anfield Group Inc

Chris Humphreys started his career at the Department of Homeland Security's National Infrastructure Coordination Center (NICC) and was the development lead at the United States Computer Emergency Response Team (USCERT). Chris went on to serve as Critical Infrastructure Protection Program Manager for the Dept. of Defense's Counterintelligence Field Activity (CIFA) in 2006.

While at CIFA, Chris authored DoD Instruction (DoDI) 5240.10 "Counterintelligence Support to Critical Infrastructure" which is national-level policy still in place today.

In 2008 he took a position as CIP Manager of Compliance and Investigations at Texas Regional Entity in Austin TX. While at Texas RE, Chris founded the CIP Compliance Working Group (CCWG) which is made up of the CIP Managers and Auditors from all NERC regions. The CCWG developed the CIP Audit Process that is currently being implemented across all NERC Registered entities.

Since 2010, Chris has served as the Founder and CEO of The Anfield Group Inc. which provides cybersecurity, regulatory, and technological strategic advisement to all Critical Infrastructure sectors.

In 2017, Chris was appointed by the Texas Dept of Information Resources and Texas Gov Greg Abbott's office as one of three voting members to the Texas State Cybersecurity Council tasked with implementing House Bill 8 (HB8) "The Texas Cybersecurity Act".

Discussion Leader: Bradford Hegrat - Internet of Things, ICS, Embedded Cybersecurity Executive Principal Director at Accenture

Brad is a Critical Infrastructure-oriented security professional with extensive success in security and technology leadership, crisis/incident management, strategic program development and infrastructure solutions. His Enterprise, IoT and ICS/SCADA security experience spans the full spectrum of both technical and non-technical security functional areas.

As a US Marine, he was trained to thrive on chaos, to seek it out. As an executive leader in the business of cyber security, he aims to foster, leverage and create business advantages through the chaos of disruptive and innovative tech.

Bradford has a 20+ year track record of increasing leadership and responsibility in: executive management guidance and advisory services; information security program development including SDL, IR and Business Continuity; systems analysis/development; security consulting services. He has served as corporate liaison for law enforcement, government agencies and the US intelligence community. He has demonstrated exceptional ability in developing security standards as an operational framework to identify, react, address and learn from difficult and arduous security situations. His experience ranges from id/response to APT style actors to common insider events.

Discussion Leader: Ernie Hayden - Independent Consultant and VP - Training & Education @ International Operational Technology Security Assn. (IOTSA)

Widely recognized in cybersecurity circles, Ernie is an author, speaker and consultant with extensive experience in the power utility industry, critical infrastructure protection/information security domain, industrial controls security, cybercrime and cyberwarfare areas. His primary focus is on supporting projects regarding industrial controls security, smart grid security, energy supply security, and oil/gas/electric grid security with special expertise on industrial controls.

November 29, 2018 (10:00am EST)

Managing the Sustainable ICS Security Program

Virtual Meeting Summary:


Marco (Marc) Ayala is a Senior Industrial Cybersecurity Project Manager with aeSolutions. Marc has over 20 years of experience in process automation and safety and is active in the Chemical Sector and Oil and Gas cybersecurity effort, working alongside DHS to secure the private sector. He has trained extensively at INL (Idaho National Labs) with colleagues focusing on ICS-CERT and has worked as an end user in I&E and I&C throughout his career, where he has handled advanced process control, maintained and designed enterprise historians, and worked with enterprise-IT to perfect a direct balance of ICS/SCADA Industrial-IT and demarc with Enterprise-IT.

Marc is deeply engaged in ICSJWG and ACC-ChemITC and is an active member of ISA 99/62443, FBI – InfraGard, and ICS-CERT/US-CERT. Marco is a Senior Industrial Cybersecurity Project Manager for aeSolutions, a process safety consulting, engineering and automation company that provides process safety lifecycle solutions and tools.


Karon Blue has been involved in SCADA & industrial control systems (ICS) for over 15 years and enjoys helping companies plan, secure, & integrate these complex projects successfully. He was mentored by a senior team of Instrument & Control technicians who helped him master the concepts of control systems engineering. Continually seeking new challenges, he pursued the largest and most complex assignments to work on. Recognizing that a large electric utility offered a wide range of projects and excellent opportunities to develop a broad set of ICS engineering skills, he went to work at Southern Company. While there, he has designed and commissioned projects in Cybersecurity, SCADA, DCS, EMS, and Building Automation, & implemented the latest NERC CIP frameworks.


Jay Williams is a Senior Manager at EY and leads the OT Cybersecurity practice. He has over 26 years of industry experience in OT cybersecurity, industrial control systems, data analytics and industrial control automation. Williams is a subject matter resource on critical infrastructure, manufacturing, O&G, P&U, pharmaceuticals, and industrial automation.

Prior to joining the firm, Williams was the Global Vice President of Critical Infrastructure Protection at Parsons Corporation spearheading and leading the CIP cybersecurity division. Williams was instrumental in developing business with key accounts, creating the product offering and services, co-developing all collateral, growing the team, and establishing Parsons’ strategic partnership with FireEye.

Williams is a frequent speaker at OT and ICS industry events like ICIT’s televised cybersecurity panel for securing the electric grid, Transitech, and GiSEC. His background in industrial control systems and cybersecurity gives him the ability to assist clients in the challenging and often hard-to-understand OT cyber market.

Williams holds a Bachelor of Science in Electrical Engineering from Rochester Institute of Technology. He is a member of the Syracuse Schools Cybersecurity Advisory Council in Syracuse, N.Y.

December 20, 2018 (10:00am EST)

Future Gazing: AI, Automation & Autonomy

Virtual Meeting Summary:
In this last session of the year we will have some fun discussing what the future of Cybersecurity in the ICS, Automation...


With over 25 years of experience that spans industry, Doug Wylie is a seasoned business practitioner and certified security professional who helps companies meet objectives to better ensure safe, secure, and profitable operations. His efforts have expanded industrial networking and cybersecurity solutions, helped create industry standards and best-practices, and enabled companies to mitigate security risks that arise as Information Technology (IT) and Operational Technology (OT) systems converge and grow in complexity.

In his current role, Doug directs the operations and product portfolio for the SANS Industrials & Infrastructure (I&I) practice area where he is responsible for business performance, sales execution, partnering and collaboration with other industry-leading organizations. He helps companies facilitate best-in-class solutions for workforce development and training programs that increase the effectiveness of company investments.

Previously, he spent over 20 years at Rockwell Automation, most recently as the corporate Director of Product Security and Risk Management reporting to the Office of General Counsel. In that role, he served as the key cybersecurity advisor to company leadership and established the company’s industrial security risk management program, built on the tenets of trust, integrity, security quality and security value.

Doug is an accomplished writer, speaker, consultant and an active contributor to global standards committees, industry consortia and his local InfraGard chapter. He is a Certified Information Systems Security Professional (CISSP) and holds numerous international patents relating to OT technologies and systems. He was recognized by The White House for his direct contributions to the execution of Executive Order 13636 and development of the NIST Cybersecurity Framework (CSF) and also received the 2013 SANS People Who Made a Difference in Cybersecurity award.


A proven leader in critical infrastructure resilience offers expertise in developing successful strategies for security operations. Blending traditional engineering approaches with advancements in information technology to offer clients unique solutions and leveraging decades of experience in critical infrastructure resilience and security, he provides advanced cyber risk management by harmonizing security technology, operational controls and insurance, utilizing processes and models that combine insurance analysis with exposure quantification and cyber program evaluation. Axio’s work addresses the full range of potential cyber losses, including information theft, third party liability, property damage, bodily injuries, operational disruption, and environmental damage.


Tyler led the effort in Shell's global Engineering & SMART organization to shape the frontiers of the emerging Industrial Internet (IIoT) and helped to (1) develop a digital engineering technology strategy, (2) define new and disruptive technology solutions and services, and (3) establish new technology innovation and delivery models that can effectively translate trends (market / technology) into business value and competitive advantage quickly and reliably for Shell.

He previously managed a multi-disciplinary (IT & Engineering) global team responsible for the definition and maintenance of cyber security standards and risk management practices (Risk, Controls, Incidents & Threats) used in Shell's operating asset and capital projects around the world. The team was also responsible for the design and development of technology solutions used to protect industrial operations in Downstream Manufacturing and Upstream Production facilities, Wells and Drilling infrastructure and Lube Oil Blending/Chemical plants from emerging cyber threats.

Discussion Leader: