Schedule
Main Auditorium
Track 2
7:30 AM
Doors Open
8:30 AM - 8:40 AM
Opening Remarks
Mike Holcomb
8:40 AM - 9:30 AM
Keynote: Critical Infrastructure Defense Requires a Whole of Society Approach.
Let's Make Our World Safer Together. 🦄⚡
Bryson Bort
9:30 AM - 9:45 AM
Break
Break
9:45 AM - 10:15 AM
Responsible Adoption of Artificial Intelligence (AI) in Electric Grid Operations
Remy Stolworthy
Solving the Chaos and Confusion to succeed in OT Security
Vivek Ponnada
10:15 AM - 10:30 AM
Break
Break
10:30 AM - 11:00 AM
Undisruptable 2027
Josh Corman & Stephanie Ross
Mission: Resilient—Your OT Cybersecurity Maturity Made Possible
Mandie Grosskopf
11:00 AM - 11:15 AM
Break
Break
11:15 AM - 11:45 AM
As the Grid Swings: Modeling Grid Load Dynamics and Cyber Risk with Newton’s Cradle
Megan Culler
From STARTER kit to MASTER of the universe!
Oren Niskin
11:45 AM - 12:45 PM
Lunch
Lunch
12:45 PM - 1:30 PM
Keynote
Dr. Emma Stewart
1:30 PM - 1:40 PM
Break
Break
1:40 PM - 2:10 PM
Integrating and Implementing CISA Guidance on Maintaining an OT Asset Inventory and Architecture
Brandon Workentin
Modern Attackers are Business People: The Economics of OT Cyber Attacks 101
Anusha Iyer
2:10 PM - 2:20 PM
Break
Break
2:20 PM - 2:50 PM
OT Security Skills: The New Essential for Protecting Industrial Environments
James Risler
What's the Fuss About? Determining Volt Typhoon Next Steps
Joe Slowik
2:50 PM - 3:00 PM
Break
Break
3:00 PM - 3:30 PM
Three Hops to Failure: Why Modern Industrial Systems Don't Break Alone
Munish Walther-Puri
OT Disaster Recovery with Engineering-Centric Scenarios
Saltanat Mashirova & Michael Hoffman
3:30 PM - 3:40 PM
Break
Break
3:40 PM - 4:10 PM
A Day in the Life of a Data Packet and Electron in the Battery Storage System: How to Combine Function and Security in Design
Katherine Hutton & Dr. Ginger Wright
Fabricating Killchains - A Safe Approach to OT Purple Teams
Connor Jackson
4:10 PM - 4:20 PM
Break
Break
4:20 PM - 4:45 PM
You’ve Scored It—Now What? Data Needs for Effective Remediation
Kylie McClanahan
Access Control Problems and Mitigations in Cyber Physical Systems
Indrakshi Ray
4:45 PM - 4:55 PM
Closing Remarks & Prizes
5:00 PM - 7:00 PM
After Party
Top Secret Location
7:00 PM - 9:00 PM
Reception for Women in OT/ICS Cybersecurity
Another Top Secret Location
Extended Schedule
7:30 AM
Doors Open
8:30 AM - 8:40 AM
Main Auditorium
Opening Remarks
Mike Holcomb
8:40 AM - 9:30 AM
Main Auditorium
Keynote: Critical Infrastructure Defense Requires a Whole of Society Approach.
Let's Make Our World Safer Together. 🦄
Bryson Bort
2x CEO, 3x Founder - services, product, and non-profit companies, Angel Investor in multiple pre-seed/seed startups. Speaker and teacher. Army officer and IC veteran. Press - happy to answer questions on government, cybersecurity, critical infrastructure, and national security. Always be kind and try to make a difference 🦄.
9:30 AM - 9:45 AM
Break
9:45 AM - 10:15 AM
Main Auditorium
Responsible Adoption of Artificial Intelligence (AI) in Electric Grid Operations
Remy Stolworthy
The future of the grid will be powered by AI—or undermined by it. As artificial intelligence transforms grid operations with faster fault detection, sharper forecasting, and smarter optimization, it also introduces new risks: cyber threats, regulatory uncertainty, and human-factor challenges. This talk presents a consequence-driven framework for deploying AI responsibly in the electric grid. We’ll showcase real-world applications across analysis and detection, prediction, and control/optimization, and introduce a new method for scoring AI risks against OWASP’s Top 10 AI/LLM vulnerabilities. Attendees will gain practical strategies to strengthen resilience, boost reliability, and deploy AI securely — ensuring the grid of the future is not only smarter but safer.
9:45 AM - 10:15 AM
Track 2
Solving the Chaos and Confusion to succeed in OT Security
Vivek Ponnada
OT Security isn't that new anymore. For reference, the ISA 99 Committee was formed in 2002, and the first version of the 62443-2-1 was approved in 2009, around the same time that Stuxnet was discovered. So, why in 2026 are we still in such an infancy in OT Security across key critical infrastructure verticals? If OT Security were a student, we expect them to have graduated by now - however, it's as if there was never a syllabus to follow, so while sometimes she studies the Alphabet in English, other times she's reading Shakespeare in Spanish. Overall, the 'teachers' or pioneers are so divided that the industry is struggling to tackle the onslaught that's already on, let alone plan for what's coming. This presentation covers the key issues & solutions - 1) Misapplied visibility focus and managing dependencies for edge protection and secure remote access 2) Avoiding confusion of Asset Management & Network Security Monitoring that share infrastructure but are different applications altogether 3) Choosing the Platform vs. Best in Class solutions to scale across organizations and optimize resources.
10:15 AM - 10:30 AM
Break
10:30 AM - 11:00 AM
Main Auditorium
Undisruptable 2027
Josh Corman & Stephanie Ross
UnDisruptable27 (U27) exists to translate high-level risk awareness into local readiness. Focusing at the nexus of water infrastructure and emergency healthcare, this initiative responds to an urgent reality: critical infrastructure faces a multidimensional threat, and most communities remain underprepared.
U.S. officials have testified about People’s Republic of China (PRC) hackers’ capability and intent to be able to disrupt domestic infrastructure by 2027. This targeting of critical infrastructure by PRC army units creates leverage in a potential conflict, as the disruption of civilian life could impair policymakers’ capacity for rapid response in a crisis. While we cannot control the PRC’s strategic aims, we can reinforce the resilience of our communities.
UnDisruptable27’s mission is to bridge this preparedness gap by equipping communities on the front lines with the information, tools, and support they need to mitigate the impacts of increasingly complex and cascading infrastructure disruptions. By empowering local leadership, infrastructure operators, and everyday Americans with accessible, actionable insights, UnDisruptable27 aims to enhance national resilience… starting at the local level.
10:30 AM - 11:00 AM
Track 2
Mission: Resilient—Your OT Cybersecurity Maturity Made Possible
Mandie Grosskopf
There is no "one size fits all" when it comes to increasing your organization's Cybersecurity Maturity, and that is particularly true for ICS/OT environments. There can be competing priorities between IT, OT, and Leadership teams, and navigating needs, priorities, and zero days can be exhausting. Join us as we discuss cybersecurity regulatory requirements, impacts of cyber attacks on ICS/OT in the wild, and understanding how to go from zero to hero when it comes to protecting your environment.
11:00 AM - 11:15 AM
Break
11:15 AM - 11:45 AM
Main Auditorium
As the Grid Swings: Modeling Grid Load Dynamics and Cyber Risk with Newton’s Cradle
Megan Culler
As the electric grid evolves to accommodate hyperscale data centers, increased digitization, monitoring, and control, and new generation sources like small modular reactors (SMRs), the dynamics of power distribution are becoming increasingly complex—and increasingly fragile. In this talk, we introduce a novel metaphor using a Newton’s cradle to visualize the cascading effects of new OT technologies and changing operational paradigms on grid stability. By adjusting the cradle’s parameters—mass, string length, and timing—we illustrate how even well-intentioned innovations can introduce new vulnerabilities. But this isn’t just a physics lesson. We layer in the digital and cyber dimensions that amplify these effects: automation, digital monitoring and control, AI integration into planning and operations, and the growing attack surface of operational technology (OT). The result is a compelling, accessible framework for understanding how cyber-informed engineering must evolve to keep pace with the grid’s transformation.
11:15 AM - 11:45 AM
Track 2
From STARTER kit to MASTER of the universe!
Oren Niskin
Gaining meaningful hands-on experience with automation equipment is one of the biggest barriers for new practitioners entering ICS/OT security. Industrial gear is expensive, fragile, and rarely accessible outside an operational environment. That slows down learning and limits the talent pipeline—just when our community needs more diverse defenders than ever. This talk introduces a low-cost, beginner-friendly ICS/OT training kit that can be built in a single weekend using commodity hardware. The kit is intentionally simple, replicable, and fully documented by a growing community of tinkerers. The kit also only uses components one would see in a real-world automation system. During the session, I will walk through constructing a basic industrial process—including a fan, start/stop controls, indicator lights, and a four-rung PLC program. We will explore core industrial protocols such as Modbus and EtherNet/IP, demonstrate how to read and write I/O, and show how this small process can evolve over time with add-ons like a historian, additional sensors, and defense instrumentation. I’ll also demonstrate how the kit can be used to simulate common OT attack and detection scenarios, offering a safe environment for experimentation without PowerPoint and without needing a plant full of machinery. Attendees will leave with everything they need—including a parts list, wiring diagram, sample logic, and setup procedures to build their own starter OT lab, contribute to the community, and begin gaining real hands-on ICS experience.
11:45 AM - 12:45 PM
Lunch
12:45 PM - 1:30 PM
Main Auditorium
Keynote
Dr. Emma Stewart
Dr. Emma Stewart is a nationally recognized leader in energy resilience and cybersecurity, with over two decades of experience spanning national laboratories, electric cooperatives, engineering consultancy, federal advisory roles, and international research collaborations. As Chief Power Grid Scientist at Idaho National Laboratory, she leads critical programs at the intersection of cyber-physical security, consequence-driven engineering, and operational transformation for U.S. infrastructure.
1:30 PM - 1:40 PM
Break
1:40 PM - 2:10 PM
Main Auditorium
Integrating and Implementing CISA Guidance on Maintaining an OT Asset Inventory and Architecture
Brandon Workentin
Critical infrastructure organizations increasingly recognize that having an OT asset inventory is essential – but stopping at an inventory leaves a major gap. Modern operations require a living, governed, architectural understanding of the OT environment: how assets connect, how changes are controlled, how remote access is managed, and how risk is continuously informed by real data. This session unifies OT-focused guidance from CISA and the UK’s NCSC focused on creating a Definitive Record of OT Architecture. We will show how organizations can move from static lists to operationalized, continuously updated system knowledge. Attendees will learn how to pair taxonomy, change management, network documentation, and governance into a single, defensible architecture model that reduces risk, supports engineering workflows, and accelerates incident response. By walking through a practical 90-day plan drawn from the guidance and informed by extensive experience across various critical infrastructure sectors, the session highlights not only what to collect and document, but how to make it accurate, authoritative, and useful for operations, maintenance, and cybersecurity teams.
1:40 PM - 2:10 PM
Track 2
Modern Attackers are Business People: The Economics of OT Cyber Attacks 101
Anusha Iyer
In the industrial sector, we have long prioritized "Availability" above all else, often at the expense of cyber. This has created a fundamental economic imbalance where the Unit Cost of an Attack remains negligible even as targeted attacks against OT systems are surging. Modern attackers are business people. They look for the highest ROI. In this session, we move beyond the technical post mortems of exploits to examine the adversary economics of OT security.
2:10 PM - 2:20 PM
Break
2:20 PM - 2:50 PM
Main Auditorium
OT Security Skills: The New Essential for Protecting Industrial Environments
James Risler
As digital transformation accelerates, the line between IT and OT (Operational Technology) is blurring, introducing new risks and new skill requirements for cyber defenders. This session will highlight why OT security skills are now critical for organizations with industrial or critical infrastructure, and outline practical, accessible ways for IT and security professionals to bridge the knowledge gap. We'll break down what makes OT environments unique, common threats and vulnerabilities, and the foundational skills needed to secure them. The talk will showcase real-life examples, such as the impact of ransomware on manufacturing and energy systems, and explain the core technical concepts behind OT network segmentation, asset visibility, and secure remote access. Attendees will gain a clear understanding of how tools like SNORT, Wireshark and Firewalls can help protect OT environments, demonstrated through user-friendly scenarios rather than deep technical dives. Whether you're an IT security leader, OT manager, or new to the OT world, you'll leave with practical steps to upskill yourself and the team, and strengthen your organization's industrial security posture.
2:20 PM - 2:50 PM
Track 2
What's the Fuss About? Determining Volt Typhoon Next Steps
Joe Slowik
Volt Typhoon has dominated headlines for several years as a unique, persistent, OT-targeting threat. Yet for all this attention, there has been no identified disruptive event linked to this threat actor - what gives? In this discussion, we will examine the "so what" behind Volt Typhoon given the entity's demonstrated tradecraft and, based on a review of historical OT-targeting events, likely next steps. In this we will review Volt Typhoon's known tradecraft, how this aligns with OT intrusion requirements, and what reasonable actions we can project for Volt Typhoon-linked operations. Placing this in broader context, we will then outline what asset owners and operators need to do - today - to counter threats such as Volt Typhoon to identify intrusions or prevent intrusions from reaching the point of OT disruption. From this, attendees will learn how to conceptualize long-running, emerging threats and what best practices to take to harden environments to maintain availability, integrity, and safety.
2:50 PM - 3:00 PM
Break
3:00 PM - 3:30 PM
Main Auditorium
Three Hops to Failure: Why Modern Industrial Systems Don't Break Alone
Munish Walther-Puri
Modern industrial networks rarely fail in isolation - yet most risk assessments still treat them as if they do. This talk introduces a visual and repeatable way to map how dependencies spread through OT environments, showing how issues in one layer (a network switch, historian feed, cloud connector, or shared vendor account) can quietly ripple three hops away into process instability or safety alarms. This beginner-friendly session walks attendees through the idea of dependency chain mapping and cascading path analysis (CPA) -- methods to trace who depends on whom across engineering, IT, and external service layers. Using relatable ICS examples, like a small SCADA outage that snowballed into logistic bottlenecks, this talk will show how to profile upstream and downstream dependencies, identify critical nodes, and monitor “early wobble” indicators before a fault becomes a full incident.
Understanding Dependencies in ICS/OT: Cross-sector vs. trans-sector dependencies explained through visuals. Why digital integration increases shared failure modes.
Building a Dependency Chain Map: Simple method: start from a critical process and walk upstream/downstream. What counts as a “hop” -- technical, procedural, or organizational.
Cascading Path Analysis (CPA) in Practice: Introduce the CPA framework: trace paths of potential failure. Show indicators to watch (e.g., slow network telemetry preceded historian lag).
Reporting and Awareness: Turning dependency maps into actionable heatmaps. How to communicate cascading risk to operations and leadership.
3:00 PM - 3:30 PM
Track 2
OT Disaster Recovery with Engineering-Centric Scenarios
Saltanat Mashirova & Michael Hoffman
Building on last year’s vendor-agnostic framework for disaster recovery in operational technology (OT), this year's session expands into a practical, scenario-based methodology. The methodology discussed will work through a plant-level mock scenario, applying disaster recovery workflows to specific outage and loss scenarios. Through this scenario, a structured walkthrough will guide participants in developing critical components of a disaster recovery plan, while taking into account the dependencies, escalation pathways, and validation required to resume functional OT processes safely and efficiently.
3:30 PM - 3:40 PM
Break
3:40 PM - 4:10 PM
Main Auditorium
A Day in the Life of a Data Packet and Electron in the Battery Storage System: How to Combine Function and Security in Design
Katherine Hutton & Dr. Ginger Wright
This session uses a real-world case study to explore how cyber-informed engineering (CIE) can help design effective security controls in utility-scale battery energy storage systems. By following the path of a data packet and an electron, attendees will see how functional influence, control proximity, and trust relationships shape both system performance and cyber risk. The session highlights practical ways to integrate cyber security into the design of complex energy systems. Participants will receive access to tools and information about how to use CIE in their own infrastructure efforts.
3:40 PM - 4:10 PM
Track 2
Fabricating Killchains - A Safe Approach to OT Purple Teams
Connor Jackson
Despite newer research suggesting it may not be that fragile, there remains a fear of security testing against OT/ICS systems. And the fear isn't unwarranted - these are critical production systems with zero-tolerance for downtime. When we perform purple team tests against IT systems, there is almost none of this fear. How can we translate the open-book testing that is being done in corporate networks, and use it to gain a better understanding of our OT security posture? Verifying the effectiveness of defense in depth measures, such as OT-centric visibility, is becoming increasingly important. Purple Teaming in OT is a collaborative, open-book exam approach to understanding whether OT security tools effectively detect and alert on suspicious activity. OT Purple Teams bring together IT, OT, and security stakeholders that previously may not engage on a regular basis. In my talk I'll discuss a refined approach to planning and executing OT purple teams with an emphasis on safety. Focus will be put on designing a mock kill-chain that reflects real-world attacker techniques while limiting the risk of downtime for mission-critical assets. This approach allows teams to analyze the performance of their security stack and identify growth areas within networks that may usually be off-limits for other security assessments.
4:10 PM - 4:20 PM
Break
4:20 PM - 4:45 PM
Main Auditorium
You’ve Scored It — Now What? Data Needs for Effective Remediation
Kylie McClanahan
Substantial effort goes into prioritizing which vulnerabilities to address, but the work of securing industrial environments—and the need for information to support it—doesn’t stop there. Critical details of remediation options are often published in formats that are not machine-readable, hampering efforts at automation. This session will cover how remediation data differs from vulnerability data, the complexities and interdependencies of the landscape, and initiatives to standardize its reporting and distribution. Finally, it will discuss how this data can be used within an organization to support the vulnerability and patch management process.
4:20 PM - 4:45 PM
Track 2
Access Control Problems and Mitigations in Cyber Physical Systems
Indrakshi Ray
The presentation provides the current research efforts on strengthening the cybersecurity of Cyber Physical Systems (CPS), mainly focusing on access control issues, which are the root cause for increased attack surface.
4:45 PM - 4:55 PM
Main Auditorium
Closing Remarks & Prizes
5:00 PM - 7:00 PM
Top Secret Location
After Party
Check out the views of downtown Miami with your new BSidesICS family and friends!
7:00 PM - 9:00 PM
Another Top Secret Location
Reception for Women in OT/ICS Cybersecurity