S4 is for you if:
you believe significant improvement in the security, robustness and value of ICS and IoT can happen in years, not decades … and you want to be part of the solution.
you are craving advanced content and new ideas in ICS/IoT security, OT and related fields.
you want to establish and renew relationships with the best in the world in ICS/IoT and related fields.
you want to be in a fun and inspirational environment that will send you back home charged up to make a difference.
S4 has grown from a 2-day event in a single 45-seat case study room to 3 days on 3 stages with 300+ of top ICS and IoT security talent in the world. The people who are driving change and influencing asset owners, vendors and the community. Add to that many unique and fun social events down in Miami South Beach in January, and S4 is an event unlike any other in ICS.
The best way to understand how the S4 content is unique is to watch the videos on the S4 Events YouTube channel. Or just ask a colleague who has come to S4 in the past. The very technical content that was the start of S4 lives on in Stage 2: Technical Deep Dives.
When the event moved down to the Jackie Gleason theater, a true concert quality venue, for S4x16, we added the Main Stage and brought less technical, but still advanced content. This is also where we bring in related field speakers such as an ex-CIA psychologist speaking on using email statistics to identify disgruntled insiders, applied fiction artist to show dramatic and provable improvements in CIP security training, Richard Clarke, General Michael Hayden, Mikko Hyponnen, and many more.
We spend a great deal of time hunting and reviewing possible sessions to create a compelling agenda every year, but in all honesty the highlight for many S4 alumni is the ability to spend time with the best in the industry at the social events.
We recognize “Hallway Con” is important. So we spend the afternoon of the middle day around the pool in what we call the “Cabana Sessions”. It beats walking around a hotel ballroom looking at tabletops. The Sponsors are in cabanas; there is food, drink and unique entertainment; security learning and challenges; and most importantly, a relaxed and enjoyable atmosphere the fosters communications. Add to this the Welcome Party Tuesday night, Craft Beer Bash onstage at the end of the event, and you will walk out of S4 with relationships and knowledge that will help you make a difference.
S4 Is Not For You If …
Everyone is welcome to come to S4. Truly. S4 started back in 2007 with the goal to create a community of advanced ICS security professionals that did not exist at the time. Creating and expanding that community is still a primary goal. We want to bring in diverse viewpoints and backgrounds with new ideas and challenging thoughts.
That said, S4 does not try to be all things to all people, and you may be better off considering ICSJWG, SANS, Joe Weiss’s event or others if:
You Are New To ICS Security
Speakers are told to avoid all beginner / 101 level content, and we review presentations beforehand to insure this. There are no explanations on what control systems are, basic ICS security concepts, demos that devices can be easily compromised, traditional ICS security good practices, etc. We assume the S4 attendee is well past these extremely important basics.
To be clear, there is a huge portion, certainly the majority, of the community that still needs the basics. There are still many who don’t understand the fragility and insecure by design nature of most ICS, or that access to the ICS allows the attacker to modify the physical process if they have the engineering and automation skills. There are still many people who need to know what an ICS is and why it is important to their business or life.
There are many other events that focus on and do a great job on this material. We specifically design the S4 to meet the needs and interest of the advanced ICS / IoT professional.
You Believe The Problems Are Intractable And Will Take Decades To Solve
This recommendation is for your own sanity.
I wouldn’t still be involved in ICS security if I believed this were true, and the agenda reflects new ideas and optimism. Even the offensive sessions are pushing new boundaries to spur new thinking on both attack and defense.
It’s not happy talk. There are major challenges, but they are not different in type or magnitude than other industries and fields of study have solved. You will find yourself in many conversations about possibilities and solutions, and you may get tired and frustrated at being the skunk at the party.
You Want To Keep Outsiders Out
Granted there are differences between IT and OT. Just like there are differences between pipeline SCADA and refinery DCS, or even differences between chemical plant ICS when the plants are of different sizes and making different products. However, the IT is different than OT and other similar phrases are often used to push others with different experience and skill sets away.
S4 seeks out new ideas and new people to join the effort to make ICS and IoT more secure, robust and valuable. We are trying to grow the club and consider solutions from other disciplines. Trying to do it all within an insular ICS community is one of the reasons progress has been slowed.
I wrote this article after repeated requests to explain S4 and how it compares to other ICS security events. Again, all are welcome to attend, and all will be welcomed by the S4 community. This article is to help you understand our thinking as we create the agenda, pick the location and venues, and organize the social events. Hopefully it will help you make an informed decision about coming to S4x18, Jan 16-18 in Miami South Beach.