
How do we follow up the 101-Level Onramp training and 201-Level Highway training? Of course, by heading out on the Autobahn with 301-Level training on the Monday prior to S4x22, January 24th. The more advanced content requires longer sessions, so the Autobahn will have four 1.5-hour sessions that will include time for your questions.

The Onramp and Highway training sold out. In fact, they were oversold and students were a bit crammed in. With the new 600-seat Stage 2 and 200-seat Stage 3, we have plenty of room to accommodate everyone in a spacious way.

The Autobahn topics are:


Instructor: Daniel Kapellmann Zafra assisted by others on the Mandiant team

Collecting and analyzing forensic data is a core component of the incident response process. This process is central to determining the scope of a compromise, the tools used by adversaries, and their capabilities. However, obtaining digital forensics and incident response (DFIR) data in PLCs and other level 1 devices. Embedded systems are normally outside of the scope of traditional forensic methodologies, so defenders need to identify or define tools and new methodologies to gather data from these systems.

This session will help students take a systematic approach to gathering forensic data, building collection frameworks, setting security baselines, and establishing structured incident response processes related to PLCs. Where possible, native functionality built into OT devices will be used. Specialized tools that support this methodology will also be introduced.


Instructors: Vivek Ponnada and Dirk Rotermund

At S4x20, Jake Brodsky asked why engineers and technicians aren’t trained to code and configure PLCs in a secure manner, and then gave examples of what should be taught and done. The S4 community took this great idea and created the Top 20 PLC Secure Coding Practices. These practices are not classic security controls, and they can be implemented in most PLCs. You will get some vivid examples of how to implement some of the practices and why the practices are important. This is the kind of information you can use to get the team that programs your PLCs to dig into this issue and the Top 20 list.


Instructors: TBA

The zero trust principle and buzzword have been getting a lot of attention in 2021. SDN is one technical approach to achieving zero trust and is being deployed in leading/bleeding edge ICS. This session will begin by briefly describing SDN and its benefits. The majority of the session will provide examples and lessons learned from early SDN deployments. Learn what systems are good candidates (and what are not) for SDN; what some of the major challenges are in deployments and ongoing operations; and how the SDN deployment can provide network resilience.

As an added bonus, the session will describe how the SDN controllers can be deployed as containers.


Primary Instructor: A team from 1898 who is doing this bleeding edge work

Sure, data from OT is being exported to SIEM and then SOAR, but is anyone doing anything with it? Yes, and in this session you’ll learn where some of the early, low-risk wins are, and who and how much is required to get those wins. Learn how automated isolation, workflow tickets, updates to asset management and more can be achieved. The session will use Swimlane, QRadar, Tripwire and other systems as examples, but the techniques can be used with any vendor systems.

Get Your Tickets For S4x22 And The Autobahn