Shelborne Hotel – 9AM Monday

Fast, Focused & Taught By The Best

What You Need To Know To Contribute To ICS Cyber Risk Decisions

How is it different than other ICS security training?

  • It’s faster. What you need to know to shape the future of ICS and IIOT security.
  • It’s focuses on today and the future … not the past.
  • You get 10 dynamic and expert trainers in one day.
  • It’s in Miami South Beach in January.

The S4x19 OnRamp takes place the Monday prior to S4x19, January 14th. While you can buy an “OnRamp only” ticket, we expect most to buy the OnRamp + Main Stage ticket that gives the attendee access to everything but Stage 2: Technical Deep Dives. 


Topics and Teachers

Know Your ICS – Marty Edwards

2018 Keynotes: CS3, KICS, Industrial Control Cyber Security Europe Summit, Yokogawa Users Conference

This lead off lecture will tell you what an ICS is and what it does. You will learn the key components and different types of ICS, and you will learn what type of information you should create and maintain to know your ICS.

Architecture – Dale Peterson

2018 Keynotes: AFPM, OptICS, Asia ICS Cyber Security Conference, Southern Company, Generation Technical Conference, S4x18

The architecture of ICS has a huge impact security. The models of today and the future will be revealed as well as how security controls are overlaid on these ICS architectures. 

Protocols – Adam Crain

ICS protocols monitor and control a physical process, and they are purpose built to do this. This session will show the basic features of these protocols, identify the common protocols and where they are used, and importantly talk about the secure ICS protocols that are being developed.

Low Impact/High Value Assessment Tools for ICS – Jason Holcomb

The horror stories of security scanning tools and other security assessment processes causing outages and worse in ICS are true. This session will teach you what not to do, but more importantly how you can use assessment tools effectively and safely on an ICS.

Safety and Protection Systems – Bryan Singer 

The TRISIS attack demonstrates that attackers are learning that safety systems are deployed to stop high consequence events. Learn the purpose of safety and protection systems, how they are the same and how they differ from ICS, safety / ICS integration practices, and the importance of adding cyber risk to your safety and protection studies.

Attacks & Threats – Rob Lee

2018 Keynotes: ICSJWG, SANS ICS Summit, Hou.Sec.Con, Texas Cyber Summit … testified to Senate Energy and Natural Resources Committee

With the barrage of FUD coming from the media, and many ICSsec experts, discover what you should learn from recent ICS attacks and known threat actors. And importantly, what should you prepare for in the next 1 – 3 years.

Detection & Response – Chris Sistrunk

2018 Keynote: BSidesNOLA

Given the “insecure by design” problem with ICS protocols, apps and devices, protection is difficult if the attacker is past the cyber security perimeter. Detection is key to identify attacks early and response is necessary to prevent or limit the consequences. This is a fast-moving area in ICSsec. Learn what the leaders are doing today and will do tomorrow. 

Guidelines, Standards and Certifications – Jason Christopher

The acronyms around the sector, national and global “standards” can be daunting. Learn which ones are important; how they can be productively used; and which efforts to watch for the future.

Risk Management & Exec Communication – Patrick Miller

2018 Keynotes: KICS, CS3

Asset owners are not truly interested in security; they care about managing risk. Much ICSsec activity today is busy work with little risk reduction. Learn how to make decision from a risk management approach, and importantly how to effectively communicate with executives and board members to get the support you need for an ICS security program.

Cloud Services – Bryan Owen

The buzz term “Cloud Services” definitely applies to ICS. It starts with Predictive Maintenance and Efficiency Services, and it will go to Operators-in-the-cloud and more. Learn what is here, what is coming, and how to make sure you have the appropriate security.

Closing Q&A with Instructors

OnRamp Training Sponsors