SCHEDULE
Speaker and talk overview appear below the schedule (in order by first name).
​
7:30AM Doors Open
​
8:30AM to 8:40AM Opening Remarks
​
8:40AM to 10:00AM Keynote & AMA: Rob Lee (Room 135/136)
​
10:00AM to 10:15AM Break
​
10:15AM to 10:45AM Track 1 (Room 135/136)
Lessons from the Trenches
w/ Bryson Bort
​
10:15AM to 10:45AM Track 2 (Smith Courtroom)
Security by Design: Building Resilience into Industrial Control Systems
w/ Paul Veeneman
​
10:45AM to 11:00AM Break
​
11:00AM to 11:30AM Track 1 (Room 135/136)
The Soybean Chronicles: How a Little Bean Taught Us Big Lessons in OT Cybersecurity
w/ Kristin Demoranville
​
11:00AM to 11:30AM Track 2 (Smith Courtroom)
From Buzzword to Battlefield: The Cybersecurity Challenges of Smart Cities
w/ Marina Bochenkova
​
11:30AM Break
​
11:45AM to 12:15PM Track 1 (Room 135/136)
Building Multi-Agent ICS Cybersecurity Assistants and Tools with Large Language
Models
w/ Clint Bodungen
​
11:45AM to 12:15PM Track 2 (Smith Courtroom)
If your Control System isn’t Secure, it isn’t Safe
w/ John Cusimano
​
12:15PM to 1:15PM Lunch
​
1:15PM to 1:45PM Track 1 (Room 135/136)
Volt Typhoon: Annihilating the Lurkers
w/ Ashley Fairman
​
1:15PM to 1:45PM Track 2 (Smith Courtroom)
Planning & Executing a OT Penetration Test
w/ Talib Usmani
​
1:45PM to 2:00PM Break
​
2:00PM to 2:30PM ET Track 1 (Room 135/136)
Top 20 Cyber Attacks on Industrial Control Systems
w/ Andrew Ginter
​
2:00PM to 2:30PM ET Track 2 (Smith Courtroom)
ICS Cyber Hardening Challenges
w/ Larry Grate
​​
2:30PM to 2:45PM Break
​
2:45PM to 3:15PM Track 1 (Room 135/136)
From Final Destination to Final Exploitation
w/ Emma Stewart & Chris Sistrunk
​
2:45PM to 3:15PM Track 2 (Smith Courtroom)
Bridging the Gap Between ICS Cybersecurity and CMMC Compliance
w/ Stacey Oneal
3:15PM to 3:30PM Break
​to
3:30PM to 4:00PM Track 1 (Room 135/136)
What is Defensible Architecture?
w/ Tony Turner
​
3:30PM to 4:00PM Track 2 (Smith Courtroom)
Robust Systems, Robust Culture
w/ Andrew Dettmer​
​
4:00PM to 4:15PM Break
​
4:15PM to 4:45PM Track 1 (Room 135/136)
PANEL: Women in ICS/OT Cyber Security
Led by Maggie Morganti
​
4:15PM to 4:45PM Track 2 (Smith Courtroom)
When an Uninvited Guest Comes a Knocking - Lessons Learned!
w/ Rusty Gavin
​And
4:45PM to 4:50PM Wrap Up
​
5:00PM to 7:00PM After Party
​
6:30PM to 8:30PM Reception for Women in ICS/OT Cybersecurity
​
​
11​
Talk Descriptions (in alphabetical order by last name)
Marina Bochenkova
From Buzzword to Battlefield: The Cybersecurity Challenges of Smart Cities​
“Smart City” has been a trendy buzzphrase used by politicians, city planners, and tech companies for over a decade now — but their shiny promises gloss over dangerous realities. Downtime and damages in municipalities due to cyberattacks regularly make the news, but we focus primarily on securing and recovering IT systems. Smart Cities by nature use a combination of IT and OT systems but have no established or holistic approach for managing overlapping risks to both. The consequences to security from varied stakeholders involved in Smart City planning and implementation go unexamined. This talk aims to expand our definition of Smart Cities; discuss the data, human, and technological risks that they face; and share resources on how to deal with them.
Clint Bodungen
Building Multi-Agent ICS Cybersecurity Assistants and Tools with Large Language Models​
Regardless of your experience level with generative AI, using Large Language Models (LLM) to build production-ready ICS cybersecurity tools and applications is actually much easier than you might think. In this presentation, you will learn how to leverage LangGraph to build a modular framework for your own customized multi-agent cybersecurity assistants and toolset. You will be provided with a framework (and access to the GitHub repository) that works “out of the box” and step-by-step instructions on how to use and extend it. You don’t even need any Python programming experience, as you will learn how to leverage Cursor (a coding assistant framework) to act as your personal programmer.
Bryson Bort
Lessons from the Trenches​
How did we get here with the IT-OT security challenges? What are the threats? And, most importantly, what can we do to build a defensible enterprise to ensure we safeguard society.
John Cusimano
If your Control System isn’t Secure, it isn’t Safe​
The convergence of Information Technology (IT) and Operations Technology (OT) has exposed modern industrial control systems (ICS) to increased risk. Cyber threats have the potential to compromise the ICS systems that control potentially hazardous industrial processes, which could result in health, safety, and environmental incidents. While safeguards exist to protect against such hazards, depending upon the application, it is possible that a cyber threat could defeat multiple layers of protection, including basic process control, process alarms and safety instrumented systems.
This presentation will examine the importance of incorporating cybersecurity into an overall industrial safety risk management program and best practices for assessing OT cyber-safety risks.
Kristin Demoranville
The Soybean Chronicles: How a Little Bean Taught Us Big Lessons in OT Cybersecurity
What do soybeans, hackers, and national security have in common? More than you think. Agriculture isn’t just about food; it’s critical infrastructure, and it’s under attack. From ransomware shutting down meat processing to nation-state actors targeting food supply chains, cyber threats in agriculture can cause chaos far beyond the farm. In this fun, fresh, and slightly alarming session, cybersecurity expert Kristin Demoranville takes you on a journey through the wild world of agricultural cyber risks, proving that protecting soybeans might just save the world. Expect laughs, real-world stories, and a call to action because the next big cyber battlefield might be your dinner pla
Andrew Dettmer
Robust Systems, Robust Culture​
Security professionals are too often put in a position where they tell operations what they can't do. To build a secure focused culture security teams must find ways they can bring value to operations. This is best accomplished by focusing on robust, agile systems that add redundancy and flexibility into operational environments. This builds trust with operational staff who will be more likely to support more restrictive security measures.
​
Ashley Fairman
Volt Typhoon: Annihilating the Lurkers
The session "Volt Typhoon: Annihilating the Lurkers" focused on the discovery, techniques, and mitigation strategies for dealing with the state-sponsored threat actor known as Volt Typhoon. This advanced persistent threat (APT) group, attributed to China, specializes in long-term cyber-espionage operations, primarily targeting critical infrastructure sectors such as energy, water, communications, and transportation. The session detailed how Volt Typhoon employs stealthy living-off-the-land (LotL) techniques, making it difficult to detect by blending malicious activities with legitimate system processes. Key highlights included an exploration of how the group infiltrates networks through exploiting edge devices (such as routers and firewalls) and maintains persistence without deploying traditional malware, thereby avoiding detection by signature-based tools. The session also covered real-world case studies demonstrating the group’s ability to lurk undetected in networks for extended periods, posing a significant threat to national security and operational stability.
Rusty Gavin
When an Uninvited Guest Comes a Knocking! Lessons Learned.
Does OT cybersecurity really work and can we detect and isolate attempts to disrupt and destroy our ICS and SIS networks, ultimately stopping plant operations. The short answer is “yes”. The following real-life case study is a textbook example of a recent incident, where a single-entry point within the IT infrastructure can lead to, one or many, bad actor activities in the plant OT network environment. I will share a true cyber incident that crosses international borders. We will review the attack kill chain and timing of the incident, then step through the steps taken to isolate, investigate, and ultimately remediate the security gaps.
Andrew Ginter
Top 20 Cyber Attacks on Industrial Control Systems
To design effective defenses, we must know how attackers are coming after us. To compare the strength of two defensive postures, we must determine which attacks one posture defeats that the other posture does not. To understand the residual risk we accept, we must determine the simplest attacks with material consequences that our defensive posture does not defeat. Since nothing can ever be completely "secure," there are always such attacks. In this presentation we review 20 representative types of attacks, how they work, what defenses they defeat, and what examples of each we've seen in the wild in the last decade or two. This is essential background for engineering teams coming up to speed on cyber threats, defenses, and the intrinsic limitations of specific defenses.
Larry Grate
ICS Cyber Hardening Challenges
This presentation provides 6 key practical steps to work toward implementing the SANS top 5 controls in ICS environments.
Emma Stewart
Chris Sistrunk
From Final Destination to Final Exploitation
In the Final Destination films, everyday objects become harbingers of doom—exploding toasters ignite chain reactions, car washes turn murderous, and power poles collapse like dominoes. These elaborate, improbable disasters may seem confined to the realm of Hollywood, but they raise a chilling question: could similar events be engineered in the real world through cyberattacks on industrial control systems (ICS)? This session explores the technical feasibility of recreating the chaos of Final Destination by mapping iconic death sequences to real-world ICS architectures. We’ll analyze how cyber attack vectors such as unauthorized command injection, firmware manipulation, and cascading process disruptions could be weaponized to orchestrate disasters straight out of the films. At the same time, we’ll examine how safety systems, redundancies, and fail-safe mechanisms would—or wouldn’t—hold up against such deliberate sabotage. Blending cinematic inspiration with cutting-edge cybersecurity analysis, this talk offers a deep dive into ICS vulnerabilities and the chilling potential for real-world exploitation. Could a malicious actor mimic Final Destination's chain reactions with today’s technology? If so, are we ready to stop it? And if all else fails, perhaps the only way to avert disaster is to make a desperate pledge to the same unseen force pulling the strings in the films. This session will be presented by two of the chief chaos monkeys of the power grid in the United States, armed with firsthand experience in uncovering vulnerabilities, keeping the lights on—or turning them off on demand.
Sasha Mullins Lassiter
Her Story on the Journey into ICS/OT Cyber Security
​
Stacey Oneal
Bridging the Gap Between ICS Cybersecurity and CMMC Compliance
The cybersecurity of Industrial Control Systems (ICS) has become critical as adversaries increasingly target operational technology (OT) environments. At the same time, the Department of Defense (DoD) mandates compliance with the Cybersecurity Maturity Model Certification (CMMC) for contractors, including those operating ICS within the Defense Industrial Base (DIB). This session will explore the intersection of ICS security and CMMC compliance, outlining strategies for addressing both the unique challenges of securing OT environments and meeting DoD cybersecurity requirements. Attendees will gain insights into the technical and procedural steps necessary to bridge the gap between operational needs and regulatory obligations.
Tony Turner
What is Defensible Architecture?
Defensible architecture is a somewhat abstract concept that gets talked about a lot but is not well understood. It provides a comprehensive approach to establishing a secure foundation capable of withstanding and recovering from attacks. This talk will explore the core principles of defensible architectures including Secure by Design, Secure by Implementation and Secure by Operation, while addressing real-world challenges like mission context, legacy systems, resource constraints, and evolving threats.
Talib Usmani
Planning & Executing a OT Penetration Test
The importance of the pre-engagement of a OT penetration test, clearly drawing the expectations of a pentest and generally how its conducted.
Paul Veneeman
Security by Design: Building Resilience into Industrial Control Systems
Problem Statement: How can OT systems be designed to withstand cyber threats while ensuring the operational continuity of critical infrastructure? Focus: Discuss the concept of "security by design" in OT system architecture, integrating security measures from the ground up to ensure long-term resilience.