Richmond is a manufacturing city, teaming with operational technology. There has never been a more critical time for engineering and IT departments to come together to ensure the security of PLCs, and other automation equipment in our factories. This panel will address both the business and technical challenges facing this problem, as well as industry solutions.
Richmond AutoSec, hosted by the IEEE Student Branch at VCU in collaboration with the Richmond IEEE Computer Society and Cyber Security Club at VCU, will be a technical panel of security experts answering questions on automation security.
|When:||November 1st, 2018 7-9pm|
|Where:||VCU West Engineering Hall Auditorium, Room 101|
|Address:||601 W. Main Street, Richmond, VA 23220|
|Parking:||Street parking (free after 6pm)
Parking Deck at Main Street and Laurel Street ($2 / hr)
|Contact:||John Lundquist (firstname.lastname@example.org)|
Light refreshments will be provided one half hour before the event.
Automation is an ever increasing aspect of manufacturing today, as we try to increase the output of each worker through the augmentation of smarter, more efficient machines. Today's programable logic controllers are more capable, and as a result, more connected than those of the past. This panel will discuss the business challenges of maintaining the security of these vital systems, as well as the technical challenges, threat profile and consequences of inaction. There will be technical questions asked regarding specific attacks on PLCs, as well as specific business situations that complicate securing them.
Jake Kouns is the CISO for Risk Based Security that provides vendor risk ratings, vulnerability and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns is the founder of RVAsec and has also presented at many well-known security conferences, including RSA, Black Hat, DEF CON, DerbyCon, Bsides, CISO Executive Summit, IEEE, FIRST, CanSecWest, InfoSecWorld, SOURCE and SyScan.
He is the co-author of Information Technology Risk Management in Enterprise Environments, Wiley, 2010, and The Chief Information Security Officer, IT Governance, 2011. He holds both a bachelor of business administration and master of business administration degree from James Madison University, with a concentration in information security. In addition, he holds a number of certifications, including: ISC2's CISSP, and ISACA's CISM, CISA and CGEIT.
He has briefed the DHS and Pentagon on Cyber Liability Insurance issues and is frequently interviewed as an expert in the security industry by Information Week, eWeek, Forbes, PC World, CSO, and CIO Magazine. He has appeared on CNN as well as the Brian Lehrer Show, and was featured on the cover of SCMagazine.
Mubix (Rob Fuller) is a Staff Red Teamer. His professional experience starts from his time on active duty as United States Marine. He has worked with devices and software that run gambit in the security realm. He has a few certifications, but the titles that he holds above the rest is FATHER, HUSBAND and United States Marine.
Dan is the Chief Information Security Officer for Virginia Commonwealth University (VCU). He has worked in various areas in IT over the past 20 years, with a strong focus on information security for the past 13 years. Dan is a technology enthusiast who loves to continuously learn and experiment with various technologies. He holds a MS and MBA along with a number of industry recognized certifications.
Bill Smith is the Cybersecurity Architect at Tridium. He is responsible for managing the security posture of all the Tridium products including the Niagara framework. He currently has his CSSLP certification and has been working at improving the state of cybersecurity at Tridium for the last decade.
Paul Rodi attended the State University of New York Maritime College where he earned Bachelor's Degrees in Nuclear Science, and Computer Science and Mathematics along with a Coast Guard Engineering license. Following graduation, he served as a merchant marine watch officer and Instructor at SUNY Maritime. He then attended the University of Virginia where he earned a Master of Science in Nuclear Engineering. Upon graduation Rodi went to work for Virginia Electric and Power Company (now Dominion Energy) and has worked there for over 36 years in various departments. While working for Dominion, he earned a Master of Project Management Certificate from George Washington University, a Project Management Professional (PMP) Certification and a Global Industrial Cyber Security Professional (GICSP) Certification from the SANS Institute. For the past ten years, his work has been in IT Power Generation Cyber Security supporting the power generation units and NERC Critical Infrastructure Protection regulatory compliance. Rodi is married to his wife, Carol, and is the proud father of three engineers and has one grandchild.
Chip is a leader in the GE CIRT, Threat Management Team responsible for the Operational Readiness of all analysts, technology and processes within Incident Response Operations for all environments including enterprise, cloud and operational technology. He hold a Bachelor of Science Degree from Virginia Commonwealth University in Information Systems, and a Master's Degree from the University of Richmond in Disaster Science, along with IT and Security industry certifications.
Mike is an embedded software engineer with thirty years of experience. He graduated from University of Virginia with Bachelor's and Master's degrees in Aerospace Engineering. The majority of his career has been in embedded controllers and telecommunication products.
Mike is currently Principal Software Engineer at Symantec working on network security for the home. Consumers of "smart" devices present an ever increasing attack surface with unique challenges.
Mike also has a passion for mentoring and STEM education -- particularly, in high school robotics.