Speakers and Topics - Level Zero Conference

Demystifying Network Monitoring: Best Practices

As cyber threats proliferate across both enterprise and Operational Technology (OT) networks, organizations increasingly recognize the necessity of robust network monitoring. However, many acquire specialized OT monitoring tools under the flawed & set it and forget it assumption, expecting immediate, out-of-the-box effectiveness without further intervention. Moving beyond passive installation to a mature, tuned network monitoring ecosystem produces better security outcomes and a more resilient OT posture.

About the Speaker

Charles “Zach” Zachmeyer

OT Cybersecurity Lead
UTSI

Charles “Zach” Zachmeyer serves as the OT Cybersecurity Lead for UTSI, leveraging nearly 30 years of specialized experience in the Oil & Gas sector. Zach’s deep technical expertise was forged during a 23-year career at Chevron, where he held pivotal OT and Process Control Network (PCN) leadership and advisory roles across Houston, China, Angola, and California. A specialist in ICS/SCADA environments, he focuses on delivering resilient Solution Architecture and robust Network Security Engineering for mission-critical infrastructure.

When Expectations Meet Reality: The Anatomy of Cyber Incidents Affecting OT Organizations

Real world incident response experience shows that many attacks against OT centric organizations unfold differently than expected. There are several key reasons why reality diverges from initial assumptions, and understanding these gaps offers critical lessons for strengthening operational resilience.

About the Speakers

Kyle Alexander

Director, Cybersecurity Services
Sygnia

Kyle Alexander brings over 15 years of experience in information security focusing on Operational Technology. In this role, Kyle provides guidance to our clients from a broad range of proactive, reactive, and manage services. Prior to joining Sygnia, Kyle served as a Senior Manager for EY within the OT Cybersecurity team where he managed multiple large scale OT programs from data collection through response. Additionally, he served in the United States Navy.

Tamir Margalit

Director of ICS and OT Security
Sygnia

Tamir is a cybersecurity leader with over 20 years of experience specializing in ICS and OT security, critical infrastructure protection, and complex industrial environments. His career spans national-level defense, global consulting, and hands-on leadership in securing some of the most sensitive IT and OT systems worldwide.
As Director of ICS and OT Security at Sygnia, Tamir leads the development and execution of the company’s industrial cybersecurity strategy. He oversees OT incident response engagements, assessment and detection programs, and the creation of methodologies for protecting industrial control systems, energy, transportation, and manufacturing environments. Working closely with executive stakeholders and technical teams, he helps organizations strengthen resilience, bridge IT and OT security operations, and prepare for real-world cyber threats.
Previously, Tamir held senior consulting and architecture roles at Cymotive, supporting leading global organizations including Volkswagen AG, Audi AG, and Ferrari Engineering. His work covered IT and OT security, automotive and embedded systems security, cloud environments, and large-scale security transformation programs.
Earlier in his career, Tamir spent over 14 years at the Prime Minister Office, serving as a cybersecurity officer and team leader responsible for protecting national critical infrastructures. He was a key contributor to national working groups that shaped the Israeli doctrine for securing OT assets and critical infrastructure, bringing together operational, technical, and strategic perspectives.
Tamir is known for combining deep technical expertise with pragmatic leadership, translating complex cyber risks into actionable strategies, and helping organizations operate securely in high-impact industrial and critical environments.

Securing What Matters | Operationalizing Cyber Resilience to Reduce OT Risk

Security leaders can no longer rely on passive risk awareness or compliance alone. Achieving true resilience requires enhanced visibility, expedited decision-making, and the seamless integration of cybersecurity measures across all levels of the organization. Resilience must be engineered into people, processes, and technologies, creating a security culture that extends from the plant floor to the boardroom.

Frameworks and regulations provide guidance, but true protection comes from operationalizing cybersecurity as a continuous, organization-wide discipline. The winners in this new era are those who turn risk into action: hardening people, processes, and technology against disruption.

In this session, we will share how to transform risk strategy into sustained operational defense—turning visibility into action, and action into resilient, long-term protection.

About the Speaker

Carlos Sanchez

Sr. Systems Engineering Manager – Operational Technology
Fortinet

Operational Technology cybersecurity leader with 20+ years delivering secure IT/OT convergence for manufacturing, energy, and critical-infrastructure environments. I build and lead cross-functional security programs — from asset discovery and network segmentation to micro-segmentation, ICS/SCADA hardening, and incident response — that measurably reduce operational risk while enabling reliable production delivery. Proven track record scaling teams, managing vendor & budgetary programs, and translating technical risk into board-level decisions. Core strengths: OT risk management, secure-by-design architectures, ICS/SCADA protocol mapping, incident response orchestration, and program governance. Open to senior leadership roles that need an operator who can both strategize and execute.

Why Isn’t AI Transforming Critical Infrastructure (Yet)?

Artificial intelligence promises gains in detection, resilience, and operational efficiency, yet critical infrastructure sectors face structural, technical, and cultural barriers to adoption. This interactive Birds-of-a-Feather session will introduce the NIST AI Accelerator for Critical Infrastructure and foster open dialogue on what is holding organizations back, what would lower deployment barriers, and where early successes can inform collaborative pilots and research priorities.

About the Speakers

Sarah Freeman

Chief Engineer for Intelligence, Modeling and Simulation
MITRE’s Cyber Infrastructure Protection Innovation Center (CIPIC)

Sarah Freeman is Chief Engineer for Intelligence, Modeling and Simulation for MITRE’s Cyber Infrastructure Protection Innovation Center (CIPIC), where she provides U.S. government partners and private sector entities with actionable cyber threat intelligence, developing innovative security solutions for the critical infrastructure within the U.S. Her current research focus includes predictive adversary analysis and evaluating the effectiveness of security solutions to deter adversaries.

Martin Stanley

Principal Researcher for AI and Cybersecurity
National Institute of Standards and Technology (NIST)

Martin Stanley, AI and Cybersecurity Researcher, leads the NIST AI Risk Management Framework (AI RMF) efforts at the U.S. National Institute of Standards and Technology, Information Technology Laboratory and is the lead for the NIST AI Accelerator for Critical Infrastructure. Martin previously led the Emerging Technology and R&D Program at CISA and the Enterprise Cybersecurity Program at the U.S. Food and Drug Administration. Prior to his federal service Martin held executive leadership positions at Vonage and UUNET Technologies. Martin co-authored “Digital Health”, an Oxford University Press Publication.

Incident Response Table Top Exercise Using FEMA’s NIMS Incident Command System

UTSI will be facilitating a specialized Tabletop Exercise (TTX) utilizing ThreatGen technology and featuring a custom scenario. The TTX will run across three morning sessions, concluding with a final summary and awards presentation during the Level Zero closeout. This TTX can be used as part of the items needed for Type 3 or Type 4 ICS4ICS Credentials

About the Speaker

Derrik Oates

OT Cybersecurity Senior Consulting
UTSI

I have 26yrs of Professional IT experience working with a myriad of Federal, Corp., or small business customers in disparate varied environments. Proven ability to align all parties from C-Suite to Technician to User/Operator under 1 strategy, drive the initiative, and train all involved parties. Though a reliable self-starter, I am a big believer in team and that our varied expertise and experiences make the collective stronger. Often considered the glue in a group. I bring a wealth of knowledge doing risk analysis, identifying misalignments, including overlaps/gaps in skillset, procedures, or tools. My approach is rooted in an understanding our security landscape is constantly evolving and change is inevitable, whether that change is rapid or incremental. With the ability to learn almost any new Tool, Strategy, or Environment in 3 – 6 months, I am ideally utilized in environments seeking to integrate new capabilities, whether that is technology, tool, or personnel. My international upbringing and multilingual communication skills allow me to operate well multicultural environments. Clearance: Public Trust Latest observations: Nonconventional computers (eg. IoT, Smart devices, SCADA, satellites), mesh networks (eg. power and data), and Blockchain (Supply Chain, Auditing, Inventory, Authentication) are our future. Most Security and Risk Mgmt strategies are developed assuming Geo/Political stability with a few bad state actors. Might be time to incorporate assumptions of international and domestic instability for certain environments. Society will shift to an incremental mindset at some point, as our ability to understand the power of small efforts aggregated, expands. From personal finance (compound interest and fees); to health maintenance (calorie cutting, small workouts); energy creation (vary sources) and usage (efficiencies); sustainability (reduce, reuse, recycle); development (code, modular devices) or even movements (political or social) Fear (of scarcity, of irrelevance, of death), and inequality (rights, financial, freedom to error) have been the 2 most crippling forces in my lifetime.

Physics, Policy & Priorities

Operational Technology (OT) environments face complex threats, driven by both evolving technology and persistent, fundamental risks. This panel brings together experts from IBM, Sygnia, and OPSWAT to discuss strategic and practical priorities for securing critical infrastructure.

The session will explore key themes including:

AI and Critical Infrastructure Security: We will examine the use of AI models within companies, the impact they are having on demands for OT infrastructure, and the critical strategies organizations are employing to secure AI as it relates to OT environments and critical infrastructure.

The Remote Access Risk: A major risk in OT, remote access, will be addressed with a focus on what organizations are still doing wrong and how they are securing file transfer over remote access sessions.

Incident Response and Strategic Gaps: Drawing on incident response experience, panelists will share insights into the OT cyber incidents they are facing nowadays. The discussion will also cover the security gaps that consistently surprise clients during red team exercises and help prioritize a few pragmatic security initiatives for OT organizations.

Finally, we will determine if the discussions across the OT landscape are being driven by compliance or by security concerns.

About the Speakers

Tamir Margalit

Director of ICS and OT Security
Sygnia

Tamir is a cybersecurity leader with over 20 years of experience specializing in ICS and OT security, critical infrastructure protection, and complex industrial environments. His career spans national-level defense, global consulting, and hands-on leadership in securing some of the most sensitive IT and OT systems worldwide.
As Director of ICS and OT Security at Sygnia, Tamir leads the development and execution of the company’s industrial cybersecurity strategy. He oversees OT incident response engagements, assessment and detection programs, and the creation of methodologies for protecting industrial control systems, energy, transportation, and manufacturing environments. Working closely with executive stakeholders and technical teams, he helps organizations strengthen resilience, bridge IT and OT security operations, and prepare for real-world cyber threats.
Previously, Tamir held senior consulting and architecture roles at Cymotive, supporting leading global organizations including Volkswagen AG, Audi AG, and Ferrari Engineering. His work covered IT and OT security, automotive and embedded systems security, cloud environments, and large-scale security transformation programs.
Earlier in his career, Tamir spent over 14 years at the Prime Minister Office, serving as a cybersecurity officer and team leader responsible for protecting national critical infrastructures. He was a key contributor to national working groups that shaped the Israeli doctrine for securing OT assets and critical infrastructure, bringing together operational, technical, and strategic perspectives.
Tamir is known for combining deep technical expertise with pragmatic leadership, translating complex cyber risks into actionable strategies, and helping organizations operate securely in high-impact industrial and critical environments.

Preston Futrell

Partner
IBM Security

Preston Futrell serves as Partner and Global Leader of the OT Security Practice at IBM, where he oversees the development and delivery of cybersecurity services for critical operational technology environments. Before assuming his global OT leadership role, he spent five years directing IBM’s cybersecurity business for industrial and communications markets in the United States, managing both service teams and strategic client relationships. Over his 28-year cybersecurity career, Preston has led major transformation and security programs across Energy, Manufacturing, Technology/Media, and Telecommunications industries. His career includes leadership roles at Internet Security Systems, Reflex Systems, and NexDefense, spanning software, hardware, consulting, and managed security services. With deep experience at both large-scale security providers and emerging technology startups, Preston has contributed to pioneering advancements, including innovative cloud and virtualization security capabilities and first-of-a-kind OT security technologies and services.

Rusty Feldman

VP, Americas Sales
OPSWAT

Sales leader with extensive consultative sales experience and demonstrated success building relationships with senior level executives. Proven track record of building and executing sales and marketing plans. Strong motivator with the ability to draw the best from each team member. Decisive team leader, skilled in problem solving, recruiting, and training effective sales teams. Excellent communication skills and experience in quota management, territory assignment, and creating effective business partnerships.

Blake Gilson

IT Strategy Manager
ExxonMobil

Blake Gilson is currently the IT Strategy Manager of ExxonMobil where he helps leads the direction and execution of the IT department’s overall industrial cybersecurity strategy. Blake holds a BA in Business Management Information Systems from the University of Houston and holds five cyber security Global Information Assurance Certifications, and DOE OT Defender Alumni.

Building the Industry: A Founder Roundtable on the OT Cybersecurity Venture Ecosystem

“OT and ICS cybersecurity isn’t a future challenge—it’s being defined right now.” In this special closing session, Level Zero brings together six seasoned founders of emerging or investor backed OT cybersecurity companies for a candid roundtable on what it means to start and grow a venture in this space. From navigating early customers and patient capital to building products for an industry that still runs on legacy infrastructure, these founders share the hard-won lessons of building companies at the intersection of operational technology and cybersecurity. No slides. No pitches. Just founders fielding your questions about capital, customers, product bets, and the moments they almost didn’t make it. Open Q&A gives the audience direct access to the minds shaping the next generation of this industry.

Please note: This Level Zero Bonus session will take place on Tuesday, April 21st, at 5:35 p.m. in the Midtown Hall on the 1st floor of the Georgia Tech Exhibition Hall, following the Day 2 breakout tracks. It is open to the public and does not require a conference pass!

About the Speakers

Derek Harp

Founder and Chairman
Control System Cyber Security Association International (CS2AI.org)

Derek has served as a founder, CEO, or advisor of early-stage companies for the last 27 years with a frequent focus on cyber security.

Over the past decade, Derek has served as the founder and Chairman of the Control System Cyber Security Association International (CS²AI), a nonprofit organization dedicated to educating and supporting over 40,000 OT and ICS professionals around the globe. More recently, he has co-founded CambiOS Academy, LLC, an edtech company with an initial focus on tackling the cybersecurity skills gap by providing OT training delivered by the professionals who helped “invent” the industry. In addition, Derek founded and is committed to building the Level Zero Conference, where engineering meets cybersecurity to protect critical infrastructure.

Derek’s experience also includes co-founding the ICS Cyber Security business at the SANS Institute, serving as the founding GICSP Certification Steering committee chair, co-founding NexDefense, Inc., (now owned by Dragos) and CEO and co-founder of LogiKeep, Inc. At LogiKeep, Inc., where he was the co-inventor of Intellishield™, a pioneer IT security product which was later acquired by Cisco Systems. Derek is a former U.S. Navy Officer with experience in combat information management, communications security, and intelligence.

Derek pulls from his decades of experience as an entrepreneur, business owner and in cyber security to share interesting and relevant stories with his audiences.

Christophe Bourel

Président de TYREX
TYREX CYBER

✪ IT Professional, with over 15 years of experience as CEO, and now running and spreading the TYREX✪ machine around the world !

Josh Ross

Co-Founder
Ironloop

Anusha Iyer

Founder & CEO
Corsha

Anusha Iyer, Founder and CEO of Corsha, is a seasoned technologist and executive with over 20 years of experience in cyber protecting mission-critical systems. Her expertise spans defense mission systems, manufacturing, and automation, where she has been instrumental in designing and implementing robust operational security programs from the ground up. Passionate about demystifying cybersecurity, Anusha’s mission is to make security accessible, bridging the gap between the OT-IT divide while advocating for practical, risk-based approaches to cyber defense. Before co-founding Corsha, Anusha served as the Director of Software Programs at Galois specializing in formal methods and high-assurance systems. Anusha’s diverse experience includes roles in the U.S. Government at the Naval Research Laboratory establishing tactical-edge networks for military missions. An alumna of Carnegie Mellon, Anusha holds a Masters in Computer Science from SUNY Buffalo.

Shaun Six

President and CEO
UTSI International Corporation

Shaun Six is the President and CEO of UTSI International. He is a 3X entrepreneur with over 20 years of Business Strategy, Operations Strategy, IT/OT Innovation, PM and Consulting, Training & Development and Compliance experience.

David Ong

Founder, CEO
Attila Cybertech

C.F.S.E., MBA
GICSP (SANS)
Founder & Managing Director, Excel Marco & Attila Cybertech

David Ong has over 30 years of professional experience and is widely recognized as an active professional in process automation safety industries. He is a CFSE (Certified Functional Safety Expert) and also a member of the advisory board of CFSE Governance Board. During the course of his career, he has managed many major projects in the Oil & Gas industry both onshore and offshore on Process Automation Safety & Control. Having involved with many major Oil companies such as Exxon, Shell, Sinopec, PetroChina, Total and so on, he is well versed with international standards and best practices. He has also helped to develop key product marketing specifications for safety PLC and SIS (Safety Instrumented Systems).

Presently, his is actively involved in developing cybersecurity technology through a startup, Attila Cybertech. This R&D is funded by NRF, CSA and IMDA. He has been a speaker or panelist in various Cybersecurity and Automation conferences.

View from the Boardroom: Cybersecurity, Artificial Intelligence, and Geopolitics Homeland Security

The Honorable John Tien, Deputy Secretary of the U.S. Department of Homeland Security, 2021-2023, will discuss how the topics of cybersecurity, artificial intelligence, and geopolitics are dominating discussions in Fortune 500 boardrooms. Mr. Tien currently serves as a Distinguished Professor of the Practice at Georgia Tech at the School of Cybersecurity and Privacy as well as the Nunn School of International Affairs. He also serves on the board of directors of Union Pacific Railroad and SAIC.

About the Speakers

John Tien

Board Director
Union Pacific

Former Deputy Secretary
U.S. Department of Homeland Security

Multi-sector leader with deep leadership experience in the private sector, U.S. Federal Government, U.S. military, and the non-profit sector. Currently serving as: a board director for Union Pacific (NYSE: UNP) and SAIC (NASDAQ: SAIC); a Distinguished Professor of the Practice at the Sam Nunn School of International Affairs at Georgia Tech; a Harvard Kennedy School Senior Fellow at the Belfer Center for Science and International Affairs; serving on nonprofit boards to include the Avalon Action Alliance supporting mental healthcare for veterans and first responders; and doing public speaking on leadership, the value of public service and various national security matters.

He previously served as the Senate confirmed Deputy Secretary of the U.S. Department of Homeland Security in the Biden Administration from June 2021 to July 2023. From 2011 to 2021, was a senior executive in Citigroup, leading teams as a managing director and in various chief operating officer roles. Served in three other presidential Administrations: Obama Administration National Security Council (NSC) Senior Director for Afghanistan and Pakistan; Bush Administration NSC Director for Iraq; and Clinton Administration White House Fellow for the U.S. Trade Representative.

Commanded a U.S. Army combat battalion in Iraq and served as the Board Chair for a national veterans non-profit. Rhodes Scholar, West Point First Captain.

Derek Harp

Founder and Chairman
Control System Cyber Security Association International (CS2AI.org)

Derek has served as a founder, CEO, or advisor of early-stage companies for the last 27 years with a frequent focus on cyber security.

Over the past decade, Derek has served as the founder and Chairman of the Control System Cyber Security Association International (CS²AI), a nonprofit organization dedicated to educating and supporting over 40,000 OT and ICS professionals around the globe. More recently, he has co-founded CambiOS Academy, LLC, an edtech company with an initial focus on tackling the cybersecurity skills gap by providing OT training delivered by the professionals who helped “invent” the industry. In addition, Derek founded and is committed to building the Level Zero Conference, where engineering meets cybersecurity to protect critical infrastructure.

Derek’s experience also includes co-founding the ICS Cyber Security business at the SANS Institute, serving as the founding GICSP Certification Steering committee chair, co-founding NexDefense, Inc., (now owned by Dragos) and CEO and co-founder of LogiKeep, Inc. At LogiKeep, Inc., where he was the co-inventor of Intellishield™, a pioneer IT security product which was later acquired by Cisco Systems. Derek is a former U.S. Navy Officer with experience in combat information management, communications security, and intelligence.

Derek pulls from his decades of experience as an entrepreneur, business owner and in cyber security to share interesting and relevant stories with his audiences.

Zero Trust Security: Cyber Resilience for OT Systems with Microsegmentation

Across critical industries, cyber threats are escalating in scale and sophistication, leveraging advanced intrusion and lateral movement techniques to disrupt core operations. As these attacks target critical industries, such as energy, manufacturing and healthcare, the impact extends beyond IT downtime to degraded OT. In this context, traditional perimeter-based defenses and OT security methodologies are no longer sufficient, making microsegmentation a foundational control for modern cyber-resilience., limiting lateral movement, continually enhancing policies.

About the Speaker

Justin Heyl

Modernization and Integration Principle
Navigator Solutions, Inc.

With over 20 years of experience across the disciplines of cybersecurity regulatory, compliance, governance, & Incident response, Justin has consistently driven corporate strategies and initiatives across diverse sectors, including healthcare, energy and technology. Currently serving as the Modernization and Integration Principle at Navigator Solutions leading the deployment of next-generation cybersecurity solutions, including Zero trust IT and OT, advanced threat hunting and forensics. In his previous role as Director of Cybersecurity & Enterprise Risk Management at Baxter Healthcare Corporation, he managed DOD/DHA/VA/ISO approvals, NGFW fedRAMP deployments, hyperscale drove cybersecurity cross business unit security initiatives, public disclosures and on the tiger team for ransomware and zero-days.

A member of organizations such as H-ISAC, HSCC, ISSA, InfraGard, and the Fortinet Customer Advisory Board, Justin leverages strong cross-functional leadership to align cybersecurity measures with business objectives. His expertise extends to auditing global environments against NIST CSF and CIS best practices, fostering strategic partnerships, cybersecurity risk quantification and conducting compliance assessments. Justin aims to contribute his extensive background and proven results toward driving innovative cybersecurity initiatives within forward-thinking organizations.

Beyond Technology: Building Cyber Resilience beyond the Security Team

Cyber resilience is often framed as a technology problem. Deploy the right tools, automate risk management, and security improves. In reality, cyber posture is shaped by decisions made across operations, supply chain, commercial teams, and engineering, as well as external stakeholders such as system integrators, vendors, and regulatory authorities. Strengthening resilience therefore requires more than better controls. It requires trust between cybersecurity teams and the broader ecosystem, transparency around cyber risk, and a shared understanding of core cyber concepts.
This session presents a practical framework for expanding cybersecurity influence beyond the technical domain. It explores how security leaders can build trust, increase transparency in risk discussions, and use thought leadership to raise the level of cyber understanding across IT, OT, business leaders, and external partners. Attendees will leave with practical approaches to translate cyber risk into decisions that align investment, operations, and accountability to strengthen resilience.

About the Speaker

Dee Kimata

Cybersecurity Thought Leadership Director
Schneider Electric

Dee Kimata is the Cybersecurity Thought Leadership Director at Schneider Electric, where she shapes and amplifies the company’s cybersecurity narrative through strategic engagements, executive communication, and industry positioning. Before this role, Dee served as the Global Director of Offer Management for Schneider Electric’s Cybersecurity Solutions and Services team, where she oversaw the commercial portfolio of products and services and the go-to-market strategy. Prior to joining Schneider Electric, Dee was the Global Product Manager for Cybersecurity at ABB within the Energy Industries business segment. During her tenure at General Electric, she held various cybersecurity roles, focusing on project management, IT governance, audit, and technical program management. Dee also worked as a cybersecurity strategy consultant at KPMG. She holds a finance degree from Creighton University and an MBA from Rice University. Dee is passionate about aligning technology with business demands.

Putting the E in P.A.C.E.: When Satcom Is Not Enough

What happens to your situational awareness when both the grid and your networks go down and stay down for weeks? MITRE’s Critical Infrastructure Risk-Informed Decision Analysis Platform (CIRIDAP) is designed to fill the current gap: there is no national Common Operating Picture (COP) for critical infrastructure in prolonged “dark sky” conditions, when power and IP-based, cellular, satellite, and landline communications are largely unavailable. Traditional P.A.C.E. planning assumes some power and limited comms will return within days, and today’s civilian COP tools (e.g., WebEOC) are not built to support shared, cross-jurisdictional visibility and decision-making when digital infrastructure is mostly offline. In 2025, MITRE designed and built a CIRIDAP prototype, including a graph database based on an all-hazards data model, a unified map-based dashboard, integrated long and short-range wireless links, and multiple field devices assembled from COTS components, with requirements shaped by state agencies, industry partners, and asset owners through interviews, a concept workshop, and a SIMEX. In a live demo in late 2025, CIRIDAP ran without grid power or public communications and still delivered near-real-time visualization of a simulated cascading critical infrastructure failure. This talk will cover how the system works, what we learned about improving ICS resilience and decision-making during extended outages, and options for scaling CIRIDAP into an operational capability for long-duration, large-scale disruptions.

This session will include a live demonstration of the technology (which is not for sale but we are looking for testing partners/industry feedback).

About the Speaker

Mark Bristow

Director
Cyber Infrastructure Protection Innovation Center (CIPIC) at MITRE

Mark Bristow is the Director of MITRE’s Cyber Infrastructure Protection Innovation Center (CIPIC), where he enhances the resilience of U.S. and allied cyber systems. In this role, he leads efforts to develop technical solutions and strategies to safeguard critical infrastructure from cyber and non-kinetic threats.

With two-decades of experience in cybersecurity, Bristow played a key role in responding to major cyber incidents, such as the Ukrainian power grid attack, breaches of U.S. election infrastructure, and Russian attempts to infiltrate the U.S. power grid. He is passionate about protecting critical infrastructure, understanding its foundational importance to the daily lives of the people it serves.

Before joining MITRE, Bristow served as the Branch Chief for Cyber Defense Coordination at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), focusing on national cyber defense. In this role, he used his expertise in incident response, industrial control systems, network monitoring, and defense to support national security and resiliency projects in addition to shaping national-level policy. Previously, he was the Director of the Hunt and Incident Response Team and the Incident Response Chief for the Industrial Control Systems Cyber Emergency Response Team at CISA and its predecessor, National Protection and Programs Directorate.

Bristow is passionate about mentoring and dedicates significant time to guiding and supporting emerging security experts. He believes mentoring, collaboration, and learning from others are essential to building a stronger, more resilient community of security experts. As a certified SANS instructor, he teaches the ICS515: ICS Visibility, Detection, and Response course, sharing his extensive real-world experience with students. He frequently speaks on industrial control systems security and has guest lectured at prominent institutions like Georgetown U, GMU, and the US Naval Academy.

Beyond the Fence Line: Securing the OT/Consumer Interface in the Age of DERs

Your OT perimeter is gone. It wasn’t breached by hackers; it was dismantled by EV chargers and smart inverters. As we connect critical infrastructure to consumer-grade IoT, the attack surface is expanding faster than we can patch. This session offers a survival guide for the decentralized grid. We’ll ditch the buzzwords to provide practical architectures for isolating “hostile” DERs, securing 3rd-party aggregators, and preventing load-shedding attacks. Secure the edge before it breaks you.

Topic: Practical approaches to securing industrial facilities from emerging technologies in distributed energy resources (DER).

The Premise: We spent decades building walls around our SCADA systems. Now, we are being asked to punch holes in them. The rapid adoption of Distributed Energy Resources (DER)—from Virtual Power Plants (VPPs) and industrial microgrids to fleets of EV chargers—has shattered the traditional OT perimeter. We are no longer just defending a generation plant; we are defending an attack surface that extends to the customer’s rooftop and the corporate parking lot.

The Problem: OT security teams face a paradox: the grid must modernize to survive, but every smart inverter, EV charging station, and grid-edge controller introduces a new, often unmanaged, vector for cyber-physical attacks. We are seeing consumer-grade IoT security colliding with critical infrastructure reliability requirements. How do you secure assets you don’t own, running on protocols you didn’t choose, connected to your most critical control loops?

The Solution: This session moves beyond the buzzwords of “Zero Trust” to provide a battle-tested blueprint for the DER era. We will strip away the vendor hype and focus on three practical pillars: Isolation, Interrogation, and Integration.

About the Speaker

Brian Foster

Grid Security – Enterprise Sr Advisor
Southern California Edison (SCE)

Brian Foster is a highly experienced OT security leader but started his career as a classically trained controls engineer. After many years he found himself drawn back to his passion in OT security and now specializes in the Energy Utility vertical.

In his roles with Energy Utilities, he has led and advised teams of cyber security engineers and architects to improve the security posture on multiple Grid Modernization projects and has the immense privilege of focusing on protecting our critical infrastructure, a responsibility he holds with the utmost dedication and reverence. Over the years, he has had the unique opportunity to oversee the safety and security of next-generation control systems, as well as enhancing the security of many legacy systems. This comprehensive experience has allowed him to drive both types of systems towards the increased security posture needed in today’s ever-evolving threat landscape.

Overall, his innovative approach and strategic vision to securing both state of the art and legacy systems has consistently placed him at the forefront of the industry. Today his focus is on anticipating and mitigate emerging threats to critical infrastructure.

Journey to OT Visibility

As cyber threats targeting Operational Technology accelerate, utilities must adopt deeper visibility into their OT environments to detect anomalous behavior, strengthen defenses, and support operational reliability. Journey to OT Visibility explores how modern monitoring capabilities—such as passive network analysis, behavioral analytics, and protocol‑aware inspection—provide the real‑time situational awareness needed to counter advanced adversaries. The session highlights the industry shift from traditional perimeter tools to adaptive, threat‑informed architectures and emphasizes how Internal Network Security Monitoring (INSM) requirements formalize the expectation for comprehensive OT visibility. Attendees will gain insight into aligning visibility initiatives with compliance, improving asset understanding, building trust with operational teams, and laying the groundwork for resilient, defensible OT networks.

About the Speaker

Alex Waitkus

Principal OT Cybersecurity Architect
Southern Company

Alex Waitkus is the Principal OT Cybersecurity Architect for the Southern Company Power Delivery Cybersecurity team.

His focus is on delivering design solutions to help enable strategic business initiatives through cybersecurity programs and collaborative defense initiatives to address threats to industrial systems and critical infrastructure and improve the risk posture of the business by analyzing existing organizational, infrastructure, and application security challenges and usage; identifies opportunities for improvement; and develops practical roadmaps for improving security posture. Alex also focuses on the study of systemic risk to the energy sector through multiple partnerships and engagements with peer utilities, national labs, and the Department of Energy, and holds the Certified Information Systems Security Professional and Information Systems Security Architecture Professional certifications as well as other Industry standard security certifications. A proven project and team leader, Mr. Waitkus’ functional areas of expertise include systems and communication protection, OT detection and monitoring, OT threat analysis, vulnerability analysis, information assurance (IA), business systems analysis, computer network exploitation, and project management and support.

Day 1 Close

Derek and Patrick close out Day 1 sessions with an introduction to Beer ISAC

About the Speakers

Patrick Miller

CEO
Ampyx Cyber

Patrick Miller shares over 35 years of IT/OT experience through his consulting services as an independent security and regulatory advisor for the Critical Infrastructure and Key Resource sectors. He is currently the CEO and owner of Ampyx Cyber, an industrial security consulting firm based in Portland, OR USA. Patrick is also the US Coordinator for the Industrial Cybersecurity Center, or CCI (Centro de Ciberseguridad Industrial) based in Madrid, Spain and an instructor for the Cyber Information Security Leader (CISL) course through CSA CPH in Copenhangen, Denmark.

Mr. Miller is an internationally recognized public speaker on the subjects of critical infrastructure protection, process and industrial control system (ICS/OT) cybersecurity, information technology (IT) cybersecurity, regulatory compliance (leading global expert on NERC CIP), audit and privacy. He is an active volunteer and member of several critical infrastructure security working groups. Patrick has been commended with a number of professional awards for his successful work in building information sharing functions and cybersecurity programs. In addition to his energy sector experience, Mr. Miller also held key positions in the water, telecommunications, finance and insurance sectors. Patrick is currently an instructor for the SANS ICS456 training on the NERC CIP standards.

Patrick’s career started in the 1980s with deep roots in the telecommunications industry. Over several years, Mr. Miller migrated from telecom to information technology management before taking a primary focus on cybersecurity as principal security consultant for Breakwater Security Associates in 2001 where he developed and managed the energy and utility security consulting practice. He then joined PacifiCorp as a senior information security consultant where he was responsible for enterprise and industrial control system cybersecurity as well as NERC CIP regulatory compliance for the organization. Patrick left the utility after 7 years to join the regulatory strata as manager of critical infrastructure protection (CIP) audits and investigations for the Western Electricity Coordinating Council (WECC) Regional Entity under the North American Electric Reliability Corporation (NERC) in their capacity as the Electric Reliability Organization delegated by the Federal Energy Regulatory Commission (FERC). Mr Miller left the regulator to reconnect with industry as director of the NERC CIP compliance consulting practice at ICF International. In 2010, Patrick founded the 501(c)(3) nonprofit organization EnergySec and became President, CEO, and chairman of the board of directors. EnergySec was contracted to the U.S. Department of Energy (DOE) to establish a new public-private partnership known as the National Electric Sector Cybersecurity Organization (NESCO), and Patrick was Principal Investigator of the program. After successfully ramping and transitioning the NESCO program and taking EnergySec from startup to operational, he rejoined the consulting world through The Anfield Group as a managing principal. In 2014, Patrick left the Anfield Group to form Archer Energy Solutions (later renamed to Archer International), a consulting firm focusing on industrial security. After 6+ successful years with Archer, Patrick sold his share in 2021 and formed Ampere Industrial Security (rebranded as Ampyx Cyber in 2024), the premier global security and regulatory consulting firm for industrial control systems and operational technologies.

Derek Harp

Founder and Chairman
Control System Cyber Security Association International (CS2AI.org)

Derek has served as a founder, CEO, or advisor of early-stage companies for the last 27 years with a frequent focus on cyber security.

Over the past decade, Derek has served as the founder and Chairman of the Control System Cyber Security Association International (CS²AI), a nonprofit organization dedicated to educating and supporting over 40,000 OT and ICS professionals around the globe. More recently, he has co-founded CambiOS Academy, LLC, an edtech company with an initial focus on tackling the cybersecurity skills gap by providing OT training delivered by the professionals who helped “invent” the industry. In addition, Derek founded and is committed to building the Level Zero Conference, where engineering meets cybersecurity to protect critical infrastructure.

Derek’s experience also includes co-founding the ICS Cyber Security business at the SANS Institute, serving as the founding GICSP Certification Steering committee chair, co-founding NexDefense, Inc., (now owned by Dragos) and CEO and co-founder of LogiKeep, Inc. At LogiKeep, Inc., where he was the co-inventor of Intellishield™, a pioneer IT security product which was later acquired by Cisco Systems. Derek is a former U.S. Navy Officer with experience in combat information management, communications security, and intelligence.

Derek pulls from his decades of experience as an entrepreneur, business owner and in cyber security to share interesting and relevant stories with his audiences.

Living off the land and delivering Over the Air

Hacking factories with AI, leveraging AI to execute pentests
followed by using Mesh to communicate offgrid (and no one can
trace you) Hands-on Fun

About the Speakers

Bryan L. Singer

Principal Director, Global OT Incident Response Lead
Accenture

Bryan L. Singer is one of the original pioneers of ICS cybersecurity, and has lead a career of over 25 years of innovation and strategic services for critical infrastructure. As Principal
Director and Global Leader for Incident Response Services for Operational Technology
(OT) at Accenture, Bryan spearheads cybersecurity solutions for critical infrastructure, leading
response efforts against major cyber threats across industries.
A pioneer in industrial control systems (ICS) security, Bryan was the founding chairman of
ISA/IEC 62443 and has served as a lead investigator in high-profile cyber incidents impacting
critical infrastructure. He co-authored Hacking Exposed Industrial Control Systems and
Cybersecurity for Industrial Control Systems, solidifying his reputation as a leading expert in
cyber-physical security across defense, manufacturing, energy, and healthcare sectors.
Bryan’s expertise is rooted in his military background as a Senior Intelligence Analyst with
the U.S. Army’s 337th Military Intelligence Battalion, 525 MI BDE. He supported 1st
Armored and 1st Infantry Divisions in Bosnia-Herzegovina, providing intelligence briefings
to military leadership and senatorial delegations. His focus on geopolitical analysis, threat
assessments, and operational security helped shape intelligence-sharing networks between
U.S. and allied forces.
Beyond cybersecurity, Bryan is a seasoned firearms and self-defense instructor with USCCA,
specializing in executive protection, emergency first aid, and countering mass shooter
threats. His training programs integrate risk assessment, situational awareness, and defensive
tactics, offering individuals and organizations a comprehensive approach to personal security.

Marc Visser

OT/IT Security Officer
Sec4OT

I have been working in Dutch industrial environments for around 20 years, from food to energy to automotive. Everyday life is filled with operational equipment, therefor i would like to share my insight of this world and need your help to safeguard our critical infrastructure.

Marc Visser owner of Sec4OT specializes in hands-on security such as digital twin, vulnerability management and raising an OT-security operations center this includes also training onsite engineering on security.

Cyber Resilience Quantification

“An organization’s resilience hinges on its financial capacity to endure
challenges. This workshop will teach participants to model cyber risk in
financial terms through hands-on exercises. Bring your laptop; each participant
will receive a SaaS account for exercises and report development. A
complimentary test-drive subscription to the software will be available for
post-conference use. Participants will model and report on at least one risk for
their or a fictitious organization.”

About the Speakers

Eric Cardwell

Vice President of Professional Services
Axio

Eric is a technically sophisticated, business savvy Security/Audit/Risk Management leader with success meeting compliance requirements, managing technology risk, and implementing controls in a cost-efficient manner. He specializes in the design, implementation and assessment of enterprise-wide Cybersecurity and Compliance Programs. He has extensive knowledge and experience in cyber risk quantification, third party risk management, cyber strategy implementation, security architecture, incident response, vulnerability management, and leading a cybersecurity professional services consulting team.

Shawn Bilak

OT Cybersecurity, Former Risk & Compliance Analyst Specialist
Southern Company

I am a Certified CMMC Assessor (CCA) and cybersecurity professional focused on helping defense contractors and critical infrastructure organizations turn complex compliance requirements into clear, defensible security programs. As the founder of Bilak Security Solutions, I specialize in CMMC Level 2 readiness, NIST SP 800-171 alignment, and risk-based cybersecurity strategy. My work bridges the gap between policy and practice translating technical controls into operational processes that stand up to real-world assessments, not just checklists. With a background in cyber risk, governance, and critical infrastructure protection, I bring an assessor’s mindset to every engagement: evidence-driven, outcome-focused, and aligned to DoD expectations. I partner with organizations to strengthen their security posture, reduce assessment risk, and build sustainable compliance programs that support long-term mission success. If your organization handles Controlled Unclassified Information (CUI) or supports the Defense Industrial Base, I help you move from uncertainty to readiness—with clarity, structure, and confidence.

Fireside Chat: Oil & Gas

Participate in a high-level discussion on the strategic challenges facing the modern energy landscape. Together, they will share personal insights on navigating market volatility, driving operational efficiency, and the long-term future of traditional energy in an increasingly digital world.

About the Speakers

Jeevan Sakti

Global ICS Security Engineering Supervisor
ExxonMobil

Jeevan is an industrial cybersecurity program leader with over a decade of experience that includes guiding cybersecurity strategy and execution for international sites across five continents. He initially joined ExxonMobil in hands-on roles and have earned several promotions to leadership in our Industrial Control Systems organization including running a global cyber program covering 30 countries.

His background and expertise span ICS/OT cybersecurity, risk management, instrumentation and controls engineering. He is passionate about securing the cyber-physical world for ICS/OT systems as we move towards IT and OT convergence.

In addition to his experience, he holds multiple certifications – CISSP, CISM, CISA, GICSP, GRID, CCDP, CCNA, CCNP – and additional training.

Bemi Anjous

Head of Global InfoSec/OT
Noble Corporation

Speaks 5 (English, Arabic, Portuguese, French and African) languages, and resided in 6 international (US, Saudi, India, Nigeria, Russia, and Singapore) countries as career demanded.

Over 30 years of oil, gas, energy, experience that span across Nuclear, onshore, offshore, refinery, chemical plants, and pipeline
Deeply passionate about Energy, Oil and Gas, Nuclear technology.
Bachelor – Information System Technology / Psychology – University of Houston (Main Campus)
Bachelor – Process Piping Engineering – University of Houston (Downtown).
Master – Risk Management – George Washington University.
Cyber Certifications – CISSO, CISSP, CISM.
Member Infra-guard – FBI, US Coast Guard advisory, Texas A&M Texarkana Advisory, IADC – Cyber security.
Love outdoors – Road biking, soccer, basketball, and golfing.
Lead the development of dept of energy cyber security maturity model framework.

The Insurable Gap: Why OT Security is the New Board Mandate

Background:
Cybersecurity risk has evolved from merely an IT issue to a core strategic and operational challenge, especially due to the convergence of IT and vulnerable, legacy Operational Technology (OT) systems. Recent, high-impact attacks (Colonial Pipeline, MWAA, Volt Typhoon) on critical infrastructure demonstrate that disruptions are inevitable and lead to severe financial, operational, and reputational costs, risking national economic stability.
Objective/Hypothesis:
Boards that shift from passive oversight to active ownership and integration of cyber resilience into enterprise strategy will significantly mitigate the financial and reputational costs of breaches, achieve sustained operations during disruptions, and leverage resilience as a source of competitive advantage and long-term growth. This includes the strategic use of cyber insurance and liability management to transfer residual risk and protect the balance sheet.
Methods:
The approach focuses on translating complex technical OT risks into board-level strategic actions. This is achieved through: 1) Cyber Risk Quantification (CRQ) (using Axio’s expertise to express risk in dollar terms for informed decision-making and insurance optimization); 2) AI-Driven Simulation (using ThreatGEN-powered exercises to model realistic, tailored attacks); 3) Cross-Functional Collaboration (engaging boards, executives, and field teams); and 4) Continuous Feedback Loops to evaluate and update incident response plans. The process relies on an ecosystem of strategic partners for risk transfer, adversarial testing, compliance, and zero-trust solutions.
Results:
A resilient enterprise is defined by its ability to Sustain operations during an event, Recover quickly, Adapt based on lessons learned, and Grow market advantage by demonstrating superior risk management. The strategic use of CRQ and AI-powered exercises with a comprehensive continuous feedback loop secures board approval for investment and ensures that both internal defenses and external risk transfer mechanisms (insurance coverage and liability protection) are optimized and aligned with the organization’s true financial exposure and risk appetite.
Conclusions:
Cyber resilience is a board-level fiduciary responsibility that encompasses both technical preparedness and comprehensive financial risk transfer. Boards must move beyond oversight to ownership, using quantifiable data to optimize cybersecurity investments, negotiate appropriate cyber liability insurance limits for first- and third-party losses, and position the organization to thrive in a volatile digital economy by turning preparation into a source of confidence and competitive strength.

About the Speakers

Shaun Six

President and CEO
UTSI International Corporation

Shaun Six is the President and CEO of UTSI International. He is a 3X entrepreneur with over 20 years of Business Strategy, Operations Strategy, IT/OT Innovation, PM and Consulting, Training & Development and Compliance experience.

Scott Kannry

Chief Executive Officer
Axio

Scott Kannry is a co-founder and the Chief Executive Officer of Axio, the leader in SaaS-based risk management software, which empowers security leaders to build and optimize security programs and quantify risk for better investment prioritization and decision-making.

Scott is the architect of Axio’s four-quadrant cyber loss impact taxonomy and the methodology for evaluating and stress testing insurance portfolios, a process designed specifically to better align overall cyber exposure with insurability. This approach was the first to codify the reality that cyber predicated losses can trigger numerous lines of insurance coverage.

Previously, Scott worked at Aon PLC, where he established and led the eastern region professional and cyber solutions team. While at Aon, he specialized in advising firms on emerging cyber exposures and designing customized risk transfer solutions. Scott worked with firms in all sectors but focused on critical infrastructure industries including energy, utility, and transportation.

Scott is a frequent speaker at industry events and contributor to insurance and cybersecurity publications. He has been recognized as a Crain’s Chicago “Notable Entrepreneur,” Business Insurance Magazine “Top 40 under 40” broker, Risk and Insurance Magazine “Power Broker,” and industry Rising Star by Reactions magazine. Scott received Bachelor of Science and Bachelor of Arts degrees from Case Western Reserve University, a JD from Northwestern Law School, and an MBA from the Kellogg School of Management. Scott is also the author of a turnaround and sports management MBA teaching case on the Chicago Blackhawks.

Nick Jennings

Vice President and the Philadelphia Market Leader
Aon

Nick is a Vice President and the Philadelphia Market Leader for Aon’s Cyber and E&O Broking Team within our East Region. In this role, he is responsible for managing the local broking team and consulting with clients on their cyber, complex professional liability, technology, and media risks by identifying exposures, managing insurance market relationships, strategizing, and creating tailored risk transfer solutions, as well as executing on policy terms, conditions, and servicing.

Experience
Nick joined Aon in 2021, bringing with him a wealth of experience from his previous roles in brokerage. Since moving to the insurance industry in 2017, Nick has honed his expertise in delivering strategic solutions tailored to client needs, leveraging a deep understanding of market dynamics and risk management. His brokerage experience is complemented by his background and previous roles as a management consultant, where he specialized in holistic technology advisory for over five years. Nick’s consultancy work focused on cybersecurity, systems engineering, and infrastructure, with a particular emphasis on cloud computing and hybridized computing environments. He also played a pivotal role in several large-scale migrations and integrations, due diligence engagements, and provided transaction advisory services in technology risk, specifically for mergers, acquisitions, and divestitures.

Expertise
Nick’s expertise includes complex risk transfer placement strategy development, execution, and management predominantly for large risk clients in Manufacturing, High Technology, Logistics, Transportation, and Healthcare. Nick’s expertise for these industries includes coverage gap analysis and risk transfer structuring; both traditional and alternative, contract review and analysis, and cyber advisory for general technology and infrastructure (compute, storage, networking) as well as operational technology (ICS/SCADA/MedTech).

Joe Carroll

Chief Information Officer & Head of Cybersecurity
CITGO Petroleum

Joe Carroll is the Chief Information Officer at CITGO Petroleum. Joe is responsible for all aspects of CITGO’s Information Technology and Cybersecurity Planning and Operations. Joe has over 40 years of IT experience in strategic planning, design and implementation of technologies that support the Downstream Oil & Gas Industry which include ERP, ETRM, CRM and several other systems. Additionally, Joe is responsible for the IT and OT Cybersecurity program at CITGO. Joe is a proven IT Executive, developing and leading highly effective IT teams that are client-driven and deliver high value solutions to the business. Joe collaborates with Sr. Business leaders across the organization to develop a transformational vision that aligns with the operating objectives of the company. Joe holds a Computer Science Degree from Oklahoma State University and an MBA from the University of Houston.

Grid Time Travel: Navigating Greenfield, Brownfield, and Legacy Technologies in the Modern Utility

Utilities rarely start from scratch. New technologies must be integrated into environments that include decades-old infrastructure and evolving operational needs. This panel explores how utilities navigate greenfield builds, brownfield upgrades, and legacy systems while introducing modern capabilities. Panelists will share lessons learned and discuss what the future grid may realistically look like.

About the Speakers

Carter Manucy

Director, Cybersecurity
National Rural Electric Cooperative Association (NRECA)

Passionate about improving cybersecurity (even before it was called that!) for utilities and finding ways to make it happen when time and money are major driving factors. Experience all the way up and down the path of IT and OT – from being the only one that can, to leading a team and showing how it can be done. Deeply technical but also able to communicate at all levels within multiple organizations to help drive the message of the importance of cybersecurity in our industry.

Proud member of multiple organizations, including Cooperative Utilities, Public Power representation, Cyber Mutual Assistance, NERC & regional leadership groups and community groups that drive inclusion and diversity in the cybersecurity space. Thought leader in new ways of using technology to solve problems, then finding mechanisms to make it happen through public/private partnerships. Leads by example with a proven track record of success and influence across the industry.

Rob Garry

Former Executive Chief Engineer VP Product Cyber Security
GE Power

Rob has retired from GE Vernova with over 35 year’s experience as executive leader in Industrial controls development, application, service and installation. His experience comes from working in GE various Industrial business’ developing controls for Fossil turbines (gas, stem, combined cycle) Solar, Wind and Nuclear, ) Oil & Gas Control Systems.
His most recent role at GE power gen was, Executive Chief Engineer and VP Product Security. Rob is a lifetime ICS controls, engineer, leaders, technologist, and advocate, from platform development to advanced applications in the Power Generation industry.
He had held roles at GE in leadership of design, development and delivery of control systems built around GE Mark*VIe platform. He began his adventure into Product Cyber, ten years ago as the industry and GE moved to address the growing risk of Cyber-attack on critical infrastructure and fielded, engineered products. In this role, he has matured a product security program, focusing on compliance, risk, customer requirements, engineering and advancing technology while pushing the common risk structure and methodology known across the Power industry. Rob resides in Greenville, SC

Jacob Kitchel

Senior Manager
Invenergy

Experienced security leader working with leadership in critical infrastructure, enterprise, and operations focused on growing and strengthening security organizations.

Strong background in architecture, security assessment, monitoring, network monitoring in large environments, vulnerability management, vulnerability assessment, penetration testing, regulatory environments, and framework driven security. Deep experience in Control Systems (SCADA, EMS, DCS/PCS) and global enterprise networks.

Cole Oursler, CISSP, CEH

Director of Information Services
Mountain View Electric Association

Cole Oursler is a technical leader with a passion for people. He believes that the most important part of technology is the end user. Cole has a history of successfully solving business challenges with technical and non-technical solutions. He has experience with cyber-physical and automation technologies ranging from 3D printers and CNC machines to PLCs and SCADA. Cole is a Certified Information Systems Security Professional (CISSP) and has a passion for cybersecurity, especially in critical infrastructure.

Cole is currently the IT supervisor of Mountain View Electric Association and a student in Georgia Institute of Technology’s Masters of Cybersecurity Cyber-Physical Security track. He has previous information technology experience in Education, Hydraulics and Manufacturing, and an Electric and Water utilities.

Personal Mission:
To make a positive impact on the lives of people. By living a life of integrity, compassion and grit.

Work Mission:
To demystify technology for the average user thereby facilitating the operations of the organization.

Key Perspectives in OT Security

This session explores the CS2AI-KPMG Control System Cybersecurity Annual Report, highlighting key trends from the last three years of survey data. Drawing on insights from over 500 global professionals, the presentation covers the most pressing challenges and priorities in OT security, while comparing these findings to recent public market analysis to identify where industry perspectives converge or diverge.

About the Speakers

Derek Harp

Founder and Chairman
Control System Cyber Security Association International (CS2AI.org)

Derek has served as a founder, CEO, or advisor of early-stage companies for the last 27 years with a frequent focus on cyber security.

Over the past decade, Derek has served as the founder and Chairman of the Control System Cyber Security Association International (CS²AI), a nonprofit organization dedicated to educating and supporting over 40,000 OT and ICS professionals around the globe. More recently, he has co-founded CambiOS Academy, LLC, an edtech company with an initial focus on tackling the cybersecurity skills gap by providing OT training delivered by the professionals who helped “invent” the industry. In addition, Derek founded and is committed to building the Level Zero Conference, where engineering meets cybersecurity to protect critical infrastructure.

Derek’s experience also includes co-founding the ICS Cyber Security business at the SANS Institute, serving as the founding GICSP Certification Steering committee chair, co-founding NexDefense, Inc., (now owned by Dragos) and CEO and co-founder of LogiKeep, Inc. At LogiKeep, Inc., where he was the co-inventor of Intellishield™, a pioneer IT security product which was later acquired by Cisco Systems. Derek is a former U.S. Navy Officer with experience in combat information management, communications security, and intelligence.

Derek pulls from his decades of experience as an entrepreneur, business owner and in cyber security to share interesting and relevant stories with his audiences.

Yosef Beck

Vice President of Cyber Security
CRH

Thrive in cybersecurity leadership roles providing business-enabling security for companies whose strategic leadership values their team’s input, lead with good integrity, view their employees as a competitive investment, have a strong history of hiring top talent, and embed security as part of their company’s DNA.

Passionate and self-driven security professional translating complex technical concepts into simple business language for companies to understand, prepare, and respond to cybersecurity events.

Experienced in forming, developing, and leading IT and security teams through transformations, M&A, product development, and security remediation projects, leveraging analytics and evidence-based approaches to reduce cost and increase executive support.

In-depth experience applying and complying with NIST Cybersecurity Framework, ISO 2700X, PCI-DSS, SWIFT, GDPR, CCPA, and China MLPS.

Bring an informed, global perspective to managing risk with input from local operations and compliance requirements.

Brad Willet

OT Security Infrastructure Architect
UPS

Brad is the OT Security Infrastructure Architect at United Parcel Service.

Blake Gilson

IT Strategy Manager
ExxonMobil

Blake Gilson is currently the IT Strategy Manager of ExxonMobil where he helps leads the direction and execution of the IT department’s overall industrial cybersecurity strategy. Blake holds a BA in Business Management Information Systems from the University of Houston and holds five cyber security Global Information Assurance Certifications, and DOE OT Defender Alumni.

Dee Kimata

Cybersecurity Thought Leadership Director
Schneider Electric

Dee Kimata is the Cybersecurity Thought Leadership Director at Schneider Electric, where she shapes and amplifies the company’s cybersecurity narrative through strategic engagements, executive communication, and industry positioning. Before this role, Dee served as the Global Director of Offer Management for Schneider Electric’s Cybersecurity Solutions and Services team, where she oversaw the commercial portfolio of products and services and the go-to-market strategy. Prior to joining Schneider Electric, Dee was the Global Product Manager for Cybersecurity at ABB within the Energy Industries business segment. During her tenure at General Electric, she held various cybersecurity roles, focusing on project management, IT governance, audit, and technical program management. Dee also worked as a cybersecurity strategy consultant at KPMG. She holds a finance degree from Creighton University and an MBA from Rice University. Dee is passionate about aligning technology with business demands.

Beyond the Silo: Integrating Security and OT Engineering for Excellence

This panel brings together cybersecurity leadership from critical infrastructure and energy sectors to discuss the evolving relationship between corporate cyber teams and the broader business. Experts will explore strategies for effective cross-functional collaboration, focusing on how security can move beyond a siloed function to become a true partner in operational success.

About the Speakers

Chris Roche

CISO | Director – Energy/ Critical Infrastructure Cybersecurity & Resilience
CI-Discern

Former Chief Information Security Officer (CISO)
NextEra Energy, Inc

Former Vice President & Chief Information Security Officer (CISO)
GE

Alex Waitkus

Principal OT Cybersecurity Architect
Southern Company

Alex Waitkus is the Principal OT Cybersecurity Architect for the Southern Company Power Delivery Cybersecurity team.

His focus is on delivering design solutions to help enable strategic business initiatives through cybersecurity programs and collaborative defense initiatives to address threats to industrial systems and critical infrastructure and improve the risk posture of the business by analyzing existing organizational, infrastructure, and application security challenges and usage; identifies opportunities for improvement; and develops practical roadmaps for improving security posture. Alex also focuses on the study of systemic risk to the energy sector through multiple partnerships and engagements with peer utilities, national labs, and the Department of Energy, and holds the Certified Information Systems Security Professional and Information Systems Security Architecture Professional certifications as well as other Industry standard security certifications. A proven project and team leader, Mr. Waitkus’ functional areas of expertise include systems and communication protection, OT detection and monitoring, OT threat analysis, vulnerability analysis, information assurance (IA), business systems analysis, computer network exploitation, and project management and support.

Dale Beauchamp

Sr Director Cyber Security Focused Operations
AMTRAK

A seasoned security professional with over 25 years of proven success leading cyber security and investigation organizations. Expertise in and a broad range of cyber security disciplines including digital forensics, e-Discovery, risk management, insider threat monitoring, vulnerability assessment, compliance, performance management, and policy development. Specialized skills in identifying and executing large-scale innovative solutions, designed to increase efficiency at all levels of the organization.
Proactive-leader of diverse teams that build collaborations and develop universally accepted policies and procedures. Well-versed in supporting and partnering with private industry, government, law enforcement and intelligence entities.

Jonathan Tubb

Industrial Cyber Security Officer
Siemens Energy

Experienced Senior Lead with a demonstrated history of working in the power generation industry. Skilled in Power Plants, Electric Power, Power Systems, Integration, and Research. Strong project management skills with a Computer Science and Engineering degree from The Ohio State University.

OT Defense WorkForce Roles and Training

NEW DoD Cyber Work Role “Control Systems Security Specialist.“ Responsible for device, equipment, and system-level cybersecurity configuration and day-to-day security operations of control systems, including security monitoring and maintenance along with stakeholder coordination to ensure the system and its interconnections are secure in support of mission operations. How many are needed in operational testing? How many needed to defend against OT cyber-attacks? Is training sufficient?

About the Speaker

Daryl Haegley GICSP, OCP

Technical Director, Control Systems Cyber Resilience
United States Department of Air Force

Mr. Daryl Haegley’s distinguished career includes military, federal, civilian and commercial consulting experience. While assigned to the Office of the Principal Cyber Advisor to the Secretary of Defense, he advised on cyberspace activities, cyber mission forces, and offensive and defensive cyber operations and missions. His role encompassed overseeing strategic cybersecurity efforts to protect the control systems and operational technology (OT) enabling the Department of Defense’s (DoD) critical infrastructure. Designated lead to draft the cyber-physical systems Federal and non-Federal skill and training gaps directed by the Executive Order on America’s Cybersecurity Workforce. For the past seven years, Mr. Haegley has brought awareness to the ever-increasing cyber threat to unprotected connected devices and has led the government to make change. Specifically, he has successfully advocated to change laws, DoD policy and standards, and academic curricula while initiating the first comprehensive facilities related control systems cybersecurity program of its kind within the federal government.

A recognized innovator and thought leader, he’s a contributing author to NIST Special Publication 800-82 R2 “Guide to Industrial Control Systems Security,” Unified Facilities Criteria 4-010.06 “Cybersecurity of Facility Related Controls Systems” and ‘Governance and Assessment Strategies for Industrial Controls,’ Springer technical publication, “Cyber-Security of SCADA and Other Industrial Control Systems.” Additionally: Immediate past President, Advisory Board, Control Systems Cyber Security International Association, D.C. Chapter; Fellow, Institute for Critical Infrastructure Technology (ICIT); Finalist, National Security Agency’s 2018 Frank B Rowlett Award for Individual Excellence in the field of Information Systems Security; and one of the founding members of the American Cyber League.

He maintains four certifications, three Masters’ degrees, two college tuitions & one patent.

Trust, Transparency, and Treachery: What the Friedman–Hagelin Agreement Teaches OT Security Professionals

A Cold War handshake that compromised global cryptography – and a modern reminder that in connected systems, unverified trust is the most dangerous vulnerability of all.

Through the lens of the Friedman–Hagelin cryptographic agreement, this talk explores how a secret handshake led to decades of compromised encryption, and what Cold War deception can teach today’s OT and ICS engineers about trust, transparency, and supply chain integrity in connected systems.

Program Description

Following the popular session “Encryption, Engineering, and Errors,” this new talk examines how a quiet handshake between American cryptographer William Friedman and Swedish engineer Boris Hagelin set the stage for one of the longest-running intelligence operations in history. Their “gentleman’s agreement” secretly weakened commercial encryption for decades. This decision offers striking parallels to today’s industrial cybersecurity challenges. Through a historical lens, attendees will explore how hidden dependencies, opaque supply chains, and unverified trust relationships can undermine modern OT and ICS systems, and how traditional engineering principles can help us design transparency, verification, and ethical integrity into connected infrastructure.

About the Speaker

Marcus Sachs

Senior Vice President and Chief Engineer
Center for Internet Security

Marcus (Marc) Sachs is the Senior Vice President and Chief Engineer at the Center for Internet Security. He is a retired US Army Officer and was a White House appointee in the George W. Bush administration. His private sector experience includes senior leadership roles at SRI International, Verizon Communications, the North American Electric Reliability Corporation, and Pattern Computer. Prior to joining CIS he was the Deputy Director for Research at Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. He is a recognized cybersecurity expert with over 30 years of experience countering a wide range of cyber threat actors. Marc lives and works in Huntsville, Alabama.

Cognitive Architectures for Critical Infrastructure: When Your AI Analyst Never Forgets

One of the biggest problems in ICS/OT is one nobody is talking about. It’s institutional memory. Analysts and engineers rotate out. Contractors come and go. Tribal knowledge evaporates. Every new team member starts from zero, relearning the same lessons about your network that the last person spent two years accumulating.
What if you had AI agents that remembered every engagement, every vulnerability, every false positive — and could brief the next team lead on day one?
This talk introduces cutting-edge cognitive architectures for AI systems built with persistent memory, contextual reasoning, and domain expertise that survives across sessions, across teams, and across years. Based on real-world research building “MindStone,” a three-tier memory architecture that gives AI agents genuine continuity of knowledge, we’ll cover:
• Why stateless AI fails critical infrastructure — and why RAG and fine-tuning aren’t enough
• The three-tier memory model — how curated knowledge, associative recall, and working memory combine to create agents that actually know your environment
• The dream cycle — a novel approach to preserving critical context when AI sessions reset (and why nobody else is doing this)
• Live demonstration — watch an agent with persistent memory answer questions about past engagements it hasn’t been briefed on
• Practical applications — compliance, vulnerability assessments, threat monitoring, red team orchestration
• Security implications — what happens when you give an AI agent too much memory, and how to build guardrails that scale
This isn’t a pitch for a product. It’s a framework for thinking about AI memory in high-stakes environments — with honest discussion of what works, what doesn’t, and what keeps us up at night.
Key Takeaway: The future of ICS/OT security isn’t smarter AI — it’s AI that remembers. And the architecture to build it exists today.

About the Speaker

Clint Bodungen

Founder / Chairman / Head of Product Innovation
ThreatGEN

Clint Bodungen is a globally recognized ICS cybersecurity professional and thought leader with 30 years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two best-selling books, “Hacking Exposed: Industrial Control Systems” and “ChatGPT for Cybersecurity Cookbook.” He is a United States Air Force veteran and has worked for notable cybersecurity firms like Symantec, Booz Allen Hamilton, and Kaspersky Lab, and is currently the Founder/Head of Product Innovation at ThreatGEN as well as the Director of Cyber Innovation at MorganFranklin Cyber.

Renowned for his creative approach to cybersecurity education and training, Clint has been at the forefront of integrating gamification and AI applications into cybersecurity training. He created “ThreatGEN® Red vs. Blue”, the world’s first online multiplayer computer designed to teach real-world cybersecurity and “AutoTableTop”, which uses the latest generative AI technology to automate, simplify, and enhance IR tabletop exercises.

As AI technology continues to evolve, he hopes to help revolutionize the cybersecurity industry using gamification and generative AI.

Considering Cyber Conservative Operations

Cyber threats are driving the need for robust resilience strategies. This talk introduces the concept of Cyber Conservative Operations, a proactive approach to manage risk and maintain resilience in the face of imminent, but not yet occurring, cyber events. Leveraging Cyber-Informed Engineering (CIE), with the practice of conservative operations, this approach for planning and deploying protections and controls ahead of an incident ensures quick and efficient recovery from cyber threats.

This presentation will pull from this paper: https://www.osti.gov/biblio/3006950, describing the Cyber Conservative Operations approach and will seek feedback from attendees on the value of this research and insights on further research needs.

At the end of the presentation, attendees will learn about Cyber-Informed Engineering, and also a novel way to apply the principle of active defense and planned resilience to reduce the amount of attack surface available to adversaries in times of high threat that can be incorporated into a broader cybersecurity plan.

About the Speaker

Ginger Wright

Program Manager
Idaho National Laboratory

Virginia “Ginger” Wright is the program manager for Cyber-Informed Engineering (CIE) at the Idaho National Laboratory (INL). She leads INL’s implementation of the National Strategy for Cyber-Informed Engineering developed by the Department of Energy.

Ms. Wright has led multiple cyber research programs at INL including DOE-CESER’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS™) program, Software Bills of Material for the Energy Sector, critical infrastructure modeling and simulation, and nuclear cybersecurity. Ms. Wright has a Bachelor of Science in Information Systems/Operations Management from the University of North Carolina at Greensboro.

People, Process and Pragmatic OT Security

From the lens of a control systems professional grounded in functional safety, this presentation explores how cybersecurity in Operational Technology (OT) must remain pragmatic, not prescriptive. True resilience arises when people, process, and technology are integrated around operational realities—where safety and reliability cannot be compromised. The session examines practical lessons from industrial environments where IT-style controls disrupted production, and contrasts them with workable approaches such as passive monitoring, process behavioural understanding, and safety-aligned governance. It advocates a unified mindset where cybersecurity complements—not conflicts with—functional safety, ensuring secure, reliable, and sustainable operations in an increasingly connected industrial world. Practical examples of pitfalls will also be shared.

About the Speaker

David Ong

Founder, CEO
Attila Cybertech

C.F.S.E., MBA
GICSP (SANS)
Founder & Managing Director, Excel Marco & Attila Cybertech

David Ong has over 30 years of professional experience and is widely recognized as an active professional in process automation safety industries. He is a CFSE (Certified Functional Safety Expert) and also a member of the advisory board of CFSE Governance Board. During the course of his career, he has managed many major projects in the Oil & Gas industry both onshore and offshore on Process Automation Safety & Control. Having involved with many major Oil companies such as Exxon, Shell, Sinopec, PetroChina, Total and so on, he is well versed with international standards and best practices. He has also helped to develop key product marketing specifications for safety PLC and SIS (Safety Instrumented Systems).

Presently, his is actively involved in developing cybersecurity technology through a startup, Attila Cybertech. This R&D is funded by NRF, CSA and IMDA. He has been a speaker or panelist in various Cybersecurity and Automation conferences.

Getting Started in ICS/OT Cybersecurity

Protecting critical infrastructure becomes more important each day as the frequency of cyber attacks and the number of attackers continues to grow. State adversaries are no longer the only ones targeting these specialized environments. Today’s attackers include ransomware groups, hacktivists, cyber mercenaries, and more. ICS/OT cyber security can seem complicated and even daunting at first, but it does not have to be. This workshop will help participants understand how to get started in ICS/OT cyber security and provide a path for getting up to speed quickly! Whether brand new to ICS/OT cyber security or a seasoned professional, this session will offer something for everyone.

About the Speaker

Justin Searle

Director of ICS Security
InGuardians

Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing. He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).

Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences. His current courses at SANS and Black Hat are among the world’s most attended ICS cybersecurity courses. Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT.

Justin leads prominent open-source projects, including The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), and Samurai Security Testing Framework for Utilities (SamuraiSTFU). He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP).

OT Security Crossroads – Engineering x Hacking

OT Security is still a young discipline that’s evolving. While everyone understands that OT is different from IT, the OT Security responsibilities are driven by or inherited from IT Security. Therefore the purpose-built products for OT Security try to meet IT Security’s expectations while avoiding a conflict with operations or causing downtime. E.g., a vulnerability scan could disrupt operations so a ‘hack’ would be a passive monitoring solution that can also provide assets & vulnerabilities information. Or another ‘hack’ for letting OT protocols stay unencrypted is to put the communication behind a Secure gateway for remote access. Besides such hacks, several engineering driven approaches are gaining traction. E.g., focus on resilience and reducing consequence – from a regulatory path such as Europe’s CRA, methodologies like cyber-informed-engineering, and the growth of standards (ISA/IEC 62443). So, which of these paths “Engineering” or “Hacking” will help us ‘solve’ OT Security? This presentation unpacks the nuances including timelines, budgets and practical risk considerations at the proverbial crossroads that OT Security is at.

About the Speaker

Vivek Ponnada

SVP of Growth & Strategy
Frenos

Vivek Ponnada is an OT Security practitioner with global experience and currently works at Frenos as SVP of Growth & Strategy. Having started his career in ICS as an Instrumentation Technician, Vivek became a Controls Engineer and commissioned Gas Turbine Controls systems in Europe, Middle-East, Africa and South-East Asia. Post MBA, Vivek held multiple roles including Sales, Marketing & Business Development and Services covering Control systems & Cybersecurity solutions for Critical Infrastructure industries (Power, Oil & Gas, Water, Mining etc.) at GE and XenonCyber and Nozomi Networks.

He is the co-lead for the Top 20 Secure PLC Coding Practices Project and his recent talks/contributions include DefCon ICS Village, ICS Cybersecurity Conference (Security Week), Industrial Security Conference in Copenhagen, and many others.

Vivek is a Chartered Engineer from I.E. India, MBA from The University of Texas at Austin and GICSP certification from GIAC. He is also a CS2AI fellow, member of ISA, ISACA and the Public Safety Canada ICS Security Symposium Advisory Committee.

2026 Speakers and Topics

Demystifying Network Monitoring: Best Practices

When Expectations Meet Reality: The Anatomy of Cyber Incidents Affecting OT Organizations

Keynote Address

Securing What Matters | Operationalizing Cyber Resilience to Reduce OT Risk​

Secure Remote Access for Operational Technology

Why Isn’t AI Transforming Critical Infrastructure (Yet)?

Securing the Skies: Cybersecurity Challenges and AI-Driven Threats in Drone Operations

Meandering No More: Escaping the Firefighter Trap in OT Security

“Accelerate” for OT: What Actually Translates?

Incident Response Table Top Exercise Using FEMA’s NIMS Incident Command System

Physics, Policy & Priorities

Building the Industry: A Founder Roundtable on the OT Cybersecurity Venture Ecosystem

View from the Boardroom: Cybersecurity, Artificial Intelligence, and Geopolitics Homeland Security

Building an OT Cybersecurity Organization: Bridging the Gap between your Board, Your Leaders and Your IT & OT Teams

Zero Trust Security: Cyber Resilience for OT Systems with Microsegmentation

Beyond Technology: Building Cyber Resilience beyond the Security Team

Continuous Risk Management in Flight

Putting the E in P.A.C.E.: When Satcom Is Not Enough

Beyond the Fence Line: Securing the OT/Consumer Interface in the Age of DERs

Securing a UNS Workshop

Journey to OT Visibility

OT Asset Discovery at Massive Scale

Day 1 Close

Living off the land and delivering Over the Air

Cyber Resilience Quantification

Fireside Chat: Oil & Gas

The Insurable Gap: Why OT Security is the New Board Mandate

Grid Time Travel: Navigating Greenfield, Brownfield, and Legacy Technologies in the Modern Utility

Key Perspectives in OT Security

Beyond the Silo: Integrating Security and OT Engineering for Excellence

Behind the Curtain: A Practical Guide to NERC Audit Success

OT Defense WorkForce Roles and Training

Trust, Transparency, and Treachery: What the Friedman–Hagelin Agreement Teaches OT Security Professionals

Cognitive Architectures for Critical Infrastructure: When Your AI Analyst Never Forgets

Applying Financial Quantification of Risk in ICS/OT Cybersecurity Decision-Making

Considering Cyber Conservative Operations

People, Process and Pragmatic OT Security

OT Risk Quantification for BESS: Using Cyber-Informed Engineering to Inform Decisions Across Engineering, Operations, and Leadership

Getting Started in ICS/OT Cybersecurity

OT Security Crossroads – Engineering x Hacking

Securing What Matters | Operationalizing Cyber Resilience to Reduce OT Risk