Session 1: Test Your Assumptions Before You Test Your OT

You're worried about your OT security, so you want a penetration test. But what is an OT penetration test and how does it differ from IT? Do existing paradigms even bring value to your OT security program? This presentation considers the challenges of OT penetration testing by asking some hard questions and suggests answers based on rigorous examination of foundational concepts.

Speakers: Ric Derbyshire, Senior Security Researcher, Orange Cyberdefense and Charl van der Walt, Head of Security Research, Orange Cyberdefense

Session 2: In the Event of an Emergency: Investigating Break Glass Technologies

As demonstrated during the ‘Shields Up’ initiative, there is value in increasing organizational security postures in times of crisis. This presentation will identify different types and classes of break glass technologies and procedures. It will also share some examples of how this approach can be implemented within an asset owners environment.

Speaker: Sarah Freeman, Principal Cyber Engagement Operations Engineer, MITRE/CIPIC 

Session 3: Intro to Industrial Control Systems—Why Is It Running Windows XP?

Industrial control systems run our world: water, electricity, manufacturing. How and why do they work they do? Why should you care if you're "only in IT"? And most importantly, how can we defend them?

Speaker: Bryson Bort, CEO, Scythe