Presenters and Panellists
Philip Tonkin, Global Head of Cyber Operational Technology at National Grid
Philip has worked in the energy business for over 20 years, working in a wide range of disciplines. From field engineering to senior leadership positions, he has always been passionate about solving the challenges of digitising the energy supply industry. Using an understanding of the systems used by the industry along with experience in making decisions as an asset manager, he has led a number of key projects to move forward the understanding of cyber threat.
Now as the OT leader within National Grid’s security team his focus is securing the operational technology that underpins the operation of National Grid’s trans atlantic businesses, from Gas Transmission to Electricity Generation.
Steve Brown, Vice President, Enterprise Security Services and Chief Security Officer, Xcel Energy
Steve Brown is the Vice President, Enterprise Security Services and Chief Security Officer of Xcel Energy. He is responsible for all aspects of the company’s Cyber Security, Physical Security, Enterprise Continuity, Strategy Performance, and Security Governance & Risk Programs. A seasoned information security executive, Steve has over 35 years of industry and military experience in the field of security. Prior to Xcel Energy, he was the Vice President & Deputy CISO at Hewlett Packard, responsible for global security operations. He spent 13 years with Wells Fargo as the Senior Vice President of Information Management and Enterprise Information Security Operations. He started his career in the US Navy, where he spent 20 years in technical and leadership positions in Information Warfare, Signals Intelligence and Network Operations. Steve currently is on the Board of Directors of the Global Resilience Federation and Midwest Reliability Organization Security Advisory Council. He previously sat on the Board of Directors for Information Technology Information Sharing Analysis Center (IT-ISAC), the Board of Directors of the Financial Services ISAC (FS-ISAC), and as the co-chair of the Minnesota CSO Summit. Steve has a Bachelor of Science in Information Management from the University of Maryland and an Executive MBA from the University of Michigan.
Daryl Haegley, DoD - Office of the Principal Cyber Advisor to the Secretary of Defense,Director, Cyber Mission Assurance and Deterrence
Career includes military, federal, civilian and commercial consulting experience. Currently assigned to the Office of the Principal Cyber Advisor to the Secretary of Defense, advising on cyberspace activities, cyber mission forces, and offensive and defensive cyber operations and missions. Oversees the strategic cybersecurity effort to protect the control systems and operational technology (OT) enabling the Department of Defense’s (DoD) critical infrastructure. For the past six years, Mr. Haegley has brought awareness to the ever-increasing cyber threat to unprotected connected OT devices and has led the government to make change. Specifically, he has successfully advocated to change laws, DoD policy and standards, and academic curricula while initiating the first comprehensive facilities related control systems cybersecurity program of its kind within the federal government.
A recognized innovator and thought leader, he’s a contributing author to NIST Special Publication 800-82 R2 “Guide to Industrial Control Systems Security,” Unified Facilities Criteria 4-010.06 “Cybersecurity of Facility Related Controls Systems” and ‘Governance and Assessment Strategies for Industrial Controls,’ Springer technical publication, “Cyber-Security of SCADA and Other Industrial Control Systems.”
David Lawrence R&D Development and Technology Manager, DUKE ENERGY
Accountable for providing technology leadership for Smart Grid - Distributed Intelligencesystems, including business case development, requirements analysis, design, and prototypingof future systems. Currently focused on developing the Open Field Message Bus (OpenFMB) and cybersecurity best practices for distributed applications.
Working on requirements, design, and prototyping of Electric Grid - Distributed Intelligence (DI) future systems. Technology manager with experience in technology assessment, Grid cybersecurity and analytics, global development and systems roll-out, embedded systems product development, and Grid DI applications. Working in Energy Sector R&D to promote and develop future Grid products, systems, and services.
Lauren Goodwin, Former Vice President of Digital Transformation, BP
Lauren began her career in the space industry, leading systems engineering and integration for NASA on the International Space Station Program. She transitioned into the energy industry leading a center of excellence for data analytics in support of automated and predictive Upstream drilling and completions. Lauren was one of the first leaders to introduce automated expertise application via data analytics winning and speaking at SPE’s Digital Oilfield Conferences. At BP Lauren, served as Vice President of Digital Transformation and the Digital Security and Risk Officer. Lauren has a reputation for introducing the possibilities and application of data, analytics and automation with ethical, secure means of making a difference without causing risk. Lauren shares this experience with Executive Masters students at Columbia University where she is Associate Faculty. Lauren has a M. S. in Technology Management, with concentrations on Data Analytics and Cyber Security from Columbia University in New York. She was awarded Columbia University’s Alumni Digital Innovation Award.
ANDY KLING, Director of Cybersecurity and Software Practices, schneider electric
Andy has over thirty-five years of software development experience. He has worked in the Industrial Control Systems (ICS) development organization at Schneider Electric since 2001. Andy has ushered the Schneider Electric Process Automation Development team to the first in the world ISA Secure - Secure Development Lifecycle Assurance certification at multiple development sites, on three different continents. Andy actively participates in developing world-leading cybersecurity standards such as ISA/IEC 62443. In this responsibility Andy is chartered with improving the Secure Development Lifecycle adoption, ensuring that cybersecurity is part of every product produced.
Chris Blask,Global Director Industrial and IoT Security at Unisys
Chris Blask has been involved in the industrial control system and information security industries for more than twenty-five years.
Mr. Blask’s career spans the breadth of the cybersecurity spectrum. He invented one of the first commercial firewall products, built a multi-billion dollar firewall business at Cisco System, co-founded an early SIEM vendor and authored the first book on SIEM. Today he is Director of Webster University’s Cyberspace Research Institute where he oversees the operation of the Knowledge Sharing Directorate. He is also a Senior Partner at Fearless Security.
Nathaniel Evans, Cyber Operations Analysis and Research Lead, Argonne National Laboratory
While at Argonne National Laboratory, Nathaniel serves as the program lead for cybersecurity Analysis and Research within the Strategic Security Sciences Division. He is considered a key asset by the Department of Homeland Security (DHS) in several cybersecurity capabilities including the development of a cybersecurity vulnerability assessment called the Cybersecurity Infrastructure Survey Tool, currently used by the Cybersecurity Advisors (CSAs) and Protective Security Advisors (PSAs) to evaluate critical infrastructure around the Nation. Additionally, Nate has worked on a variety analysis of cybersecurity consequence and threat studies for the National Risk Management Center and led the first ever cyber-physical regional resiliency assessment.
He has been published in numerous subject areas including Moving Target Defense, where he developed an R&D 100 awarding instance called MORE-MTD, workforce development efforts in competitions such as the CyberForce Competition, Social Engineering, Cyber Dependencies, Regional Cyber Security and Internet Modeling and built one of the first public funded internet modeling testbed called ISEAGE.
Rick Kaun, VP of Solutions, Verve Industrial Protection
Rick Kaun is the VP of Solutions for Verve Industrial Protection: An OT cyber security solution provider. For over 16 years he has worked with all manner of industries on all sizes of projects around the word from front end scoping to large scale design and deployment of end to end cyber security programs. From regulated industries to best practice security thought leaders Rick always strives to help his clients create a manageable, scalable and cost effective cyber security program tailored to the specifics of each individual client.
Stephen Hilt, Sr. Threat Researcher, Trend Micro
Stephen Hilt is a Sr. Threat Researcher at Trend Micro. Stephen focuses on General Security Research, Threat Actors, Malware behind attacks, and Industrial Control System Security. Stephen enjoys breaking things and putting them back together with a few extra parts to spare. Stephen is a world-renowned researcher, having spoken at Blackhat US, and RSA, HITB and many more. His research has gained him Dark Reading top hacks of the year twice. Working at Digital Bond Stephen became a Nmap Contributor where he wrote some Nmap scripts for ICS and other mainstream protocols. This work took him into becoming an expert on ICS protocols and co-authored the book Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions.
Nathan Faith, Cyber Security Manager, Exelon Nuclear Corporate Security
As a long-standing contributor in the public and private partnership toward cyber security programs, Nathan has a deep-rooted passion towards critical infrastructure protection. He has served as a contributing author on numerous industry documents and holds leadership positions on several task forces and working groups within the nuclear industry and in support of the Department of Homeland Security. Nathan Faith, MABOSM, CISSP, GISP, GCIH, GICSP is the Cyber Security Manager for Exelon Nuclear - Corporate Security. Nathan has worked in the nuclear industry for over 16 years, including more than 10 years managing nuclear cyber security programs. Previously, he filled electronic and software engineering positions within high-precision and government-regulated manufacturing environments.
Steve Batson, Senior Manager, Energy and Resources, Cyber Risk Services, Deloitte Advisory
Mr. Batson functions as a Senior Manager for Deloitte with 30 years of experience focused on designing and securing utility IT and ICS systems to meet NIST, NRC, NERC, IAEA, IEC, and ISO 27000 series cyber security standards and regulations. Mr. Batson is responsible for strategy, oversight of solutions, methodology development, personnel management, solution deployment for tactical teams, project leadership for utility cyber projects, and participation in domestic and global cyber security working groups including IAEA, IEC, WNA, ANS, DHS, and NEI. Mr. Batson has supported the infrastructure needs of multiple utilities and vendors in many countries.
· Currently supporting the writing teams for the following international cyber security standards:
· IEC 62645 - Nuclear Power Plants – Instrumentation and Control – Requirements for Security Programmes for I&C Systems
· IEC 63096 – Nuclear Power Plants – Instrumentation, Control and Electrical Power Systems – Security Controls
· IEC 62443 - Security for Industrial Automation and Control Systems
· Helped to write several IAEA standards and guidance documents for nuclear cyber security
· Currently participating on the NEI cyber security task force
· Currently supporting the DHS Nuclear Roadmap Steering Committee
Jason Christman, Vice President, Chief Product Security Officer, Johnson Controls
Jason Christman is Vice President and Chief Product Security Officer for Johnson Controls. He defines product cybersecurity strategy for the company and leads the Global Product Security organization in its mission to manage full lifecycle risk across the company’s diverse portfolio of smart building technologies, industrial IoT products, and data analytics platforms. He oversees development and deployment of differentiated capabilities that drive security and privacy by design, secure software development, advanced security monitoring, and coordinated incident response.
Jason has been a leader in control systems cybersecurity throughout his career and was an original member of ISA SP99 and co-author of the ANSI/ISA Technical Report on Integrating Electronic Security into the Manufacturing and Control Systems Environment. He is an expert in the human dimension of cybersecurity and draws from his military and industry experience in cognitive behavioral analytics to drive cybersecurity culture change.
Jason has a B.S. in Computer Science from Villanova University and a M.S. in Computer Science from Johns Hopkins University.
Andre Ristaino, Managing Director, ISA
Andre Ristaino is managing director of the ISA Automation Standards Compliance Institute (ASCI) based in Research Triangle Park, N.C. He provides staff leadership for ISA’s conformance certification programs, including the ISASecure IACS certification program managed under the ISCI. The ISA100 Wireless Compliance Institute functions as an operational group within ASCI. Before ISA, Ristaino held positions at NEMA, Renaissance Worldwide, and Deloitte & Touche Consulting’s Advanced Manufacturing Technology Group, where he was a recognized leader in system life-cycle methodologies. Ristaino earned a BS in business management from the University of Maryland, College Park, and an MS in computer systems applications from the American University in Washington, D.C., with a focus on expert systems and artificial intelligence. Ristaino holds an APICS CPIM certification.
Glenn A. Merrell, CAP, ISA99-08 / 10 Co-chair, ISA Certified Automation Professional, Industrial Control Systems Security
Mr. Glenn Merrell, CAP is a senior industry consultant applying extensive experience in Industrial Control Systems (ICS), automation, safety, Critical Infrastructure Protection (CIP) and industrial security. Mr. Merrell is an ISA Certified Automation Professional with over 30 years of cross-sector multi-discipline expertise in industrial control systems, possessing a wide expertise base in real-time control systems including but not limited to electrical, instrumentation, process, manufacturing, machine and factory automation, Safety Instrumented Systems (SIS), industrial networks, SCADA, ICS Cyber Security and many others.
His substantial client list includes IBM, Siemens, Daimler / Mercedes Benz, Universal Studios, Miller Coors, Roche, AMGEN, MolyCorp, Maxtor, Ford Motor Company, General Motors, Kellogg, Armor Dial, Arizona Public Service, Gates Rubber Co., and many other companies.
Richard Ku, Sr. Vice President of Trend Micro IoT Security Business, sales, marketing and business development of Trend Micro Industrial IoT (OT) Security business in the Americas
Richard Ku has over 28+ years of hands-on experience working in the hi-tech and cyber security industry in a number of leading roles, as an individual engineer, threat researcher and senior management of different security product groups and market segments across End-point, Server, Email Messaging, Email Gateway and Cloud/SaaS for Trend Micro. Currently, Richard serve as Sr. Vice President of Trend Micro IoT Security Business and responsible for the sales, marketing and business development of Trend Micro Industrial IoT (OT) Security business in the Americas.
Noel Zamot, President, Atabey Group LLC
Mr. Zamot previously served as the Revitalization Coordinator for the Financial Oversight and Management Board (FOMB) for Puerto Rico. This was a Congressionally mandated role tasked with attracting private capital to revitalize Puerto Rico’s critical infrastructure, setting the conditions for economic growth. He launched the Critical Projects Process under Title V of the PR Oversight, Management and Economic Stability Act (PROMESA) to evaluate and fast-track projects to address the island’s critical infrastructure emergency. Mr. Zamot built and led a team performing financial, permitting and technical due diligence for over $8B of infrastructure projects for designation across the energy, transportation, housing and other sectors. He was nominated by the FOMB to be the Puerto Rico Electric Power Authority (PREPA) Chief Transformation Officer (CTO), and subsequently provided oversight for the development of the strategic transformation plan for the Authority in his role as Revitalization Coordinator. This vision was ultimately codified into the historic transformation and sale of the utility.
Prior to his appointment to the FOMB, Mr. Zamot was an entrepreneur and executive in the aerospace industry. He was the founding partner of Corvus Analytics LLC, a firm that helps businesses manage cyber risk and design cyber resilient systems. Corvus led teams that created an innovation accelerator for unmanned systems for the Commonwealth of Massachusetts; developed and taught methods to evaluate military systems against cyber threats for the US Air Force; and supported Defense Advanced Research Projects Agency (DARPA) projects in autonomy and robotics.
Ray Secrest, Sr. Security Manager, Tampa International Airport
Bio coming soon!
Franky Thrasher, Nuclear Cybersecurity Manager, ENGIE
Franky Thrasher is the Nuclear Cybersecurity Manager for ENGIE in this role he specializes in industrial control system security and has developed and successfully implemented a cyber-security program specifically dedicated to critical infrastructure, namely both nuclear power plants in Belgium along with all the companies gas fired, coal and combined heat cycle power plants. He has been active in information security roles for nearly 20 years in many different sectors, manufacturing,
utilities and services. He holds a Master of Science in Computer Security from the University of Liverpool as well as many professional certifications.
Matthew Bohne, Vice President, Chief Product Security Officer
Lead a global team of cybersecurity experts focused on making our products secure and thoughtfully incorporate privacy - all by design and by default. This is accomplished by a great team of Leaders, Architects, Penetration Testers, Trainers and experts who apply a standards driven, risk informed, secure software development lifecycle to our products.
David Batz, Senior Director, Cyber & Infrastructure Security, Edison Electric Institute
With over 20 years of electric company experience, David Batz brings significant industry knowledge inunderstanding and applying appropriate security solutions to address emerging threats and issues. In addition, Mr. Batz leverages a decade of energy regulatory compliance as well as physical and cyber security policy experience and engagement with federal agencies including Department of Energy (DoE), and the Department of Homeland Security (DHS). He is a member of the SANS Institute Advisory Board and has served on the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Committee and CIPC-Executive Committee. Batz has authored various articles and presented at numerous events domestically and internationally on securing critical infrastructure, industrial systems and cyber security standards. Mr. Batz is a Certified Information Systems Security Professional (CISSP), and has multiple security certifications.