Speakers & Trainers

World Class Content

CS3STHLM – the Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems - is an annual summit that gather the most important stakeholders across critical processes and industries. CS3STHLM has been organized since 2014, and has quickly become the premier ICS Security Summit in Northern Europe!

Expo PresentationRU

Anton Shipulin

Presentation

Anton Shipulin

Global Presales Manager

  • Kaspersky Lab
  • Russia

Biography

Close

trainingFR

Arnaud Soullié

Training

Arnaud Soullié

Cybersecurity R&D Manager

  • Wavestone
  • France

Biography

Arnaud Soullié (@arnaudsoullie) is the cybersecurity R&D manager at Wavestone. For 8 years, he has been performing security audits and pentest on all type of targets. He specializes in Industrial Control Systems and Active Directory security. He has spoken at numerous security conferences on ICS topics : BlackHat Europe, BruCon, 4SICS, BSides Las Vegas, DEFCON…He also has an interest in hardware security, and is the designer of DYODE (Do Your Own Diode): an open-source, low-cost, ICS oriented data diode.

Training

Pentesting Industrial Control Systems 22-23 October 09:00 - 17:00
Close

presentationUS

Ben Miller

PresentationTraining

Ben Miller

Director of Threat Operations

  • Dragos Inc
  • United States

Biography

Ben Miller is Director, Threat Operations Center at the industrial cyber security company Dragos, Inc. where he leads a team of analysts in performing active defense inside of ICS/SCADA networks. In this capacity, he is responsible for performing a threat hunting, incident response, and malware analysis mission for the industrial community. Previous to his role at Dragos, Inc. Ben was the Associate Director, Electricity Information Sharing & Analysis Center (Electricity ISAC) and led cyber analysis for the sector.

Presentation

Hunting and Responding in ICS with Mark Stacey

Training

Introduction to Threat Hunting in ICS 23 October 09:00 - 17:00 with Daniel Michaud-Soucy
Close

presentationCH

Cheng Lei

Presentation

Cheng Lei

ICS Security Researcher

  • NSFOCUS
  • China

Biography

Cheng Lei is an Industrial Control System Security researcher at NSFOCUS. His interest is mainly about PLC and DCS vulnerability exploitation and security enhancement. Over the years, he has released three Siemens CVE vulnerabilities.

Close

presentationUS

Dan Gunter

Presentation

Dan Gunter

Principal Threat Analyst

  • Dragos Inc
  • United States

Biography

Dan Gunter currently works as a Principal Threat Analyst at the industrial control system cyber security company Dragos. Before Dragos, he served in the US Air Force in a variety of role ranging from working in the Air Force's Computer Emergency Response Team to developing information security applications. Dan previously presented at Blackhat, Schmoocon, and s4x18.

Presentation

Stateful Protocol Hunting with Daniel Michaud-Soucy
Close

presentationUS

Daniel Michaud-Soucy

PresentationTraining

Daniel Michaud-Soucy

Principal Threat Analyst

  • Dragos Inc
  • United States

Biography

Daniel Michaud-Soucy is a Principal Threat Analyst, Threat Operations Center at the industrial cyber security company Dragos, Inc.. Daniel is focusing on threat hunting and incident response services within a variety of industrial environments. Daniel previously worked for Sempra Energy on RD&D tasks revolving around machine to machine automated threat response, data aggregation, advanced threat detection and secure system interfaces for ICS/SCADA. Daniel also worked with Red Tiger Security performing cyber vulnerability assessments and penetration tests on oil & gas, electrical power, water treatment and pharmaceutical ICS/SCADA environments.

Presentation

Stateful Protocol Hunting with Dan Gunter

Training

Introduction to Threat Hunting in ICS 23 October 09:00 - 17:00 with Ben Miller
Close

presentationBE

Dieter Sarrazyn

Presentation

Dieter Sarrazyn

Security Expert

  • Secudea
  • Belgium

Biography

Dieter is a freelance OT security expert who working extensively on industrial control system security including more than 10 years in a large electricity generation company. He performs SCADA security assessments, provides assistance in securing SCADA environments and helps customers to manage their suppliers’ security through doing security requirements management and security FAT and SAT tests. These activities are always part of a larger program, aimed at reducing business risks.

Presentation

Operator Jail breakout with Frank Lycops
Close

Expo PresentationUK

Dr Kevin Jones

Presentation

Dr Kevin Jones

Head of Cyber Security Architecture, Innovation and Scouting

  • Airbus Group
  • United Kingdom

Biography

Dr Kevin Jones is Head of Cyber Security Architecture, Innovation and Scouting at Airbus, leading a global network of; teams, projects and collaborations including; research & innovation, state of the art solutions development, and technology scouting for cyber security across; IT, ICS and Product security domains. He holds a BSc in Computer Science and MSc in Distributed Systems Integration from De Montfort University, Leicester where he also obtained his PhD: A Trust Based Approach to Mobile Multi-Agent System Security in 2010.

Close

moderatorSE

Erik 'Z' Johansson

moderator

Erik 'Z' Johansson

Independent Security Consultant

  • Trailing bits AB
  • Sweden

Biography

Independent security consultant that have experienced the challenges, frustration and satisfaction involved when implementing sustainable IACS cyber protection throughout the whole system lifecycle and across the globe. May offer controversial opinions on what it takes to reach a sustainable security posture. NOTE! The 'Z' is a legacy from ABB and not actually part of his name. It is however useful to distinguish this Erik from the Erik Johansson organizing this awesome event :)

Close

trainingSE

Erik Hjelmvik

Training

Erik Hjelmvik

Network Analyst

  • NETRESEC
  • Sweden

Biography

Erik is the creator of NetworkMiner and an experienced incident handler who has specialized in the field of network forensics.

Training

Network Forensics Training 22-23 October 09:00 - 17:00
Close

presentationSE

Erik Zouave

Presentation

Erik Zouave

Analyst

  • FOI - Swedish Defence Research Agency
  • Sweden

Biography

Close

presentationNL

Erwin Kooi

Presentation

Erwin Kooi

ICS/SCADA Architech

  • Alliander
  • Netherlands

Biography

Erwin has been working in information security for fifteen years and in IT for twenty-one years. He recently switched positions and is now working on designing SCADA / ICS systems for smart grids with a strong focus on cyber security, especially when integrating ICS and IT systems. He has a solid knowledge of healthcare IT and grid operator IT, both on the office side as on the operations side, both on the strategic level as on the implementation side. He holds a BSc Electrical Engineering and Master Security in Information Technology. In his rare spare time he likes to pick locks, program microcontrollers, participate in a local political party and care for his horses and hedgehogs.

Presentation

The good, the bad and the segmented with Rik van Hees
Close

presentationBE

Frank Lycops

Presentation

Frank Lycops

Security Consultant & Researcher

  • Asvalis
  • Belgium

Biography

Frank a freelance security consultant and researcher. He has 8 years of experience in both the IT and OT environments. During his work, he performed numerous penetration tests on OT environments, helped improving the overall security of various environments and discovered several vulnerabilities in widely sold devices.

Presentation

Operator Jail breakout with Dieter Sarrazyn
Close

Expo PresentationSE

György Dán

Presentation

György Dán

Professor in Teletraffic Systems

  • School of Electrical Engineering and Computer Science at KTH Royal Institute of Technology
  • Sweden

Biography

Close

Expo PresentationSE

Henrik Sandberg

Presentation

Henrik Sandberg

Professor in Large-Scale Control Systems

  • School of Electrical Engineering and Computer Science at KTH Royal Institute of Technology
  • Sweden

Biography

Close

Dinner PresentationSE

Jack Werner

Jack Werner

Freelance Journalist

  • Freelance
  • Sweden

Biography

Jack Werner is a freelance journalist and writer. In 2014 at the free daily Metro, he co-founded the prize-winning fact-checking effort Viralgranskaren. He is a popular lecturer on critial thinking on social media, and the author of two books, on creepypasta, ghost stories on the internet, (2014) and fake news and urban legends on social media (2018). Since 2015, he runs the podcast Creepypodden, a bi-weekly podcast about ghost stories with over 130 000 listeners.

Dinner Presentation

Fake news or folklore?

Image taken by Kate Gabor

Close

Expo PresentationDE

Jannis Utz

Presentation

Jannis Utz

Sales Engineer

  • Recorded Future
  • Germany

Biography

Jannis Utz has a successful 15+ year career in networking and security. Jannis has a strong background specifically in vulnerability management having worked the last years for Tenable and Qualys.

Close

presentationUS

Joe Slowik

PresentationTraining

Joe Slowik

Adversary Hunter

  • Dragos Inc
  • United States

Biography

Joe Slowik currently hunts ICS adversaries for Dragos, pursuing threat activity groups through their malware, their communications, and any other observables available. Prior to his time at Dragos, Joe ran the Incident Response team at Los Alamos National Laboratory, and served as an Information Warfare Officer in the US Navy. Throughout his career in network defense, Joe has consistently worked to ‘take the fight to the adversary’ by applying forward-looking, active defense measures to constantly keep threat actors off balance. When not hunting adversaries or playing with open source security projects, Joe loves playing ice hockey and building Legos.

Close

presentationSE

Jonas Almroth

Presentation

Jonas Almroth

System Architect

  • FOI - Swedish Defence Research Agency
  • Sweden

Biography

Coming soon.

Close

Expo PresentationSE

Jonas Dellenvall

Presentation

Jonas Dellenvall

CTO

  • Advenica
  • Sweden

Biography

Jonas Dellenvall is the CTO of Advenica AB, cyber security experts since 1993. Advenica is specialised in information security solutions for government, critical infrastructure and industry. Jonas previously held positions as Software Architect, product manager and VP of Marketing at Advenica. Jonas has a deep interest for both technology and it’s consequences for humanity and society: “It is equally important to do the right things as well as doing things right. Technical decisions of today are forming our future for many years to come. The impact on society is much more profound than most people realize.” On his spare time, he enjoys being outdoors for sailing, skiing or just enjoying nature. Jonas Dellenvall holds a M.Sc. in Engineering Physics and has more than 20 years of experience with System Development, including 13 years in the High Security Sector for Governments, Defense and Critical Infrastructure.

Close

presentationUS

Jonathan Homer

Presentation

Jonathan Homer

Chief of the Industrial Control System Group

  • NCCIC Hunt and Incident Response Team (HIRT)
  • United States

Biography

Jonathan Homer is the Chief of the Industrial Control Systems Group within the Hunt & Incident Response Team at the U.S. Department of Homeland Security National Cybersecurity and Communications Integration Center. He has over 15 years of experience within the IT industry, specializing in incident response, industrial control systems, digital telecommunications architecture, and security awareness. Jon has a Master’s Degree in Technology Management, and earned his Chief Information Officer Certificate from the International Academy of CIO in 2016. Jon maintains a number of certifications including ISC2 CISSP and ProSci Advanced Change Management Practitioner.

Close

presentationDE

Kai Thomsen

Presentation

Kai Thomsen

Lead Incident Responder

  • AUDI AG
  • Germany

Biography

Kai is the Incident Response team lead at AUDI AG and currently working on creating a modern Cyber Defence organisation at Audi. Before that he established an IT Service Continuity organization at Audi and developed and executed crisis management training exercises for top management. Prior to Audi, he worked at SMS group, an engineering company for steel manufacturing plants. There he was responsible for network security architecture, NSM, and forensics. Kai holds an M.A. in computer science and English and American Literature from the University of Siegen. He is also a SANS Instructor for Industrial Control Systems Active Defense and Incident Response (ICS515) and chairing the SANS Automotive Summit and SANS ICS Europe Summit in 2018.

Close

presentationSE

Kristina Blomqvist

Presentation

Kristina Blomqvist

Program Manager - Program for Security in ICS

  • MSB - Swedish Civil Contingencies Agency
  • Sweden

Biography

Close

presentationNO

Lars Erik Smevold

Presentation

Lars Erik Smevold

Senior Security Analyst

  • KraftCERT
  • Norway

Biography

Lars Erik Smevold is a senior security analyst in KraftCERT. KraftCERT is the Norwegian energy sector and ICS CERT - a non profit incident response team. The focus for KraftCERT is to together with the companies, protect, detect and recover from incidents that may harm production or distribution of power or water. Lars Erik has many years of experience in the industry from the automation, telco business, and later from security in the energy sector - including the building of security operations center (SOC). In his spare time he enjoys experimenting in his lab.

Close

presentationSE

Lars Westerdahl

Presentation

Lars Westerdahl

Scientist

  • FOI - Swedish Defence Research Agency
  • Sweden

Biography

Close

Expo PresentationSE

Mads Dam

Presentation

Mads Dam

Professor in Teleinformatics

  • School of Electrical Engineering and Computer Science at KTH Royal Institute of Technology
  • Sweden

Biography

Close

presentationPL

Marcin Dudek

Presentation

Marcin Dudek

IT Security Expert

  • ComCERT.PL
  • Poland

Biography

IT security expert, member of ComCERT.PL Team, the team that delivers IT incident response related services. He specializes in the security of industrial control systems. A graduate of the University of Warwick in the Great Britain. Founder of the scientist circle at the Military University of Technology, dealing with cyber security. He has been awarded twice for finding vulnerabilities in Microsoft products. Together with the team, he won the award for the best decision-making document in case of cyber conflict in the Cyber 9/12 Europe Competition, organized by the Atlantic Council. Actively tweeting on @dudekmar

Close

presentationSE

Margarita Jaitner

Presentation

Margarita Jaitner

Analyst

  • FOI - Swedish Defence Research Agency
  • Sweden

Biography

Close

presentationUS

Mark Bristow

Presentation

Mark Bristow

Director

  • NCCIC Hunt and Incident Response Team (HIRT)
  • United States

Biography

Mark Bristow is the Director for the Hunt and Incident Response Team (HIRT) at the National Cybersecurity and Communications Integration Center (NCCIC) within the Department of Homeland Security (DHS). He oversees DHS’s efforts for assisting asset owners to respond to, remediate and recover from cyber incidents across government, critical infrastructure and private sector systems—most recently including securing the election infrastructure and addressing Russian attempts to gain access to the U.S. power grid.

Close

presentationUS

Mark Stacey

Presentation

Mark Stacey

Principal Threat Analyst

  • Dragos Inc
  • United States

Biography

Mark Stacey is currently a Principle Threat Analyst with Dragos Inc. In this role, Mark delivers holistic incident response, threat hunting, and adversary research for Industrial Control Systems worldwide. Prior to joining Dragos, Mark was a member of RSA's Incident Response team for 5 years where he provided incident response, discovery, and forensic services globally for private industry, financial institutions, law firms, foreign and domestic governments. Mark spent 7 years with the Department of Energy (DOE) performing cyber and intelligence analysis for various government clients. He has functioned in both cybersecurity operations and research within the intelligence community and frequently provides community education through outreach programs with federal agencies.

Close

trainingDK

Mikael Vingaard

Training

Mikael Vingaard

IT Security Consultant

  • EnergiNet
  • Denmark

Biography

Mikael Vingaard leverages his 15+ years of IT-security experience to build practicalinformation security with a real-life perspective. Mikael works as IT-Security Consultant at EnergiNet.dk, the Danish national transmission system operator. In his spare time, Mikael runs several research projects, build on Open Source softwareto make a positive difference to secure critical infrastructure environments.

Training

ICS Scada Honeypot Technical Training 22-23 October 09:00 - 17:00
Close

presentationUS

Monta Elkins

Presentation

Monta Elkins

Hacker-in-Chief

  • FoxGuard Solutions
  • United States

Biography

Monta Elkins is currently "Hacker-in-Chief" for FoxGuard Solutions, an ICS patch provider. A security researcher and consultant; he was formerly Security Architect for Rackspace, and the first ISO for Radford University. He has been a speaker at DEFCON , Homeland Security’s ICSJWG (Industrial Control Systems Joint Working Group), EnergySec's Security Summit, GE Digital Energy's Annual Software Summit, Toshiba's Industrial Control Systems Conference, NERC's GridSecCon and Emerging Technology Roundtable, ICS CyberSecurity by Security Week, UTC Telecom, and other security conferences. Monta is the author and instructor of the “Defense against the Dark Arts” hands-on, hacker tools and techniques classes, guest lecturer for local colleges and universities teaching rapid prototyping techniques and information security and teaches Arduino and other classes with Let's Code Blacksburg.

Presentation

Jumping Air Gaps
Close

presentationIL

Omer Zohar

Presentation

Omer Zohar

Independant Researcher

  • Independant
  • Israel

Biography

A security researcher for over a decade, Omer is currently exploring the opportunities emerging technologies such as blockchain and AI might create for the bad guys to improve their infrastructure and how to mitigate them. Omer has been conducting multidisciplinary research on malware behavior and detection methods, including on his last position as Head of Research for 'TopSpin Security', where he investigated malware C&C infrastructure and protocols to create a behavior based detection engine that correlates over a time series network and reputation data along with a deception overlay. He authored 'Deceive and Succeed: Using Deception for Post-Breach Detection' (Defcon 2016) where he investigated how malicious actors interact with various deception mechanisms to measure their effectiveness.

Close

presentationUS

Patrick Miller

Presentation

Patrick Miller

Managing Partner

  • Archer
  • United States

Biography

Patrick Miller has dedicated his career to the protection and defense of critical infrastructures. As Managing Partner at Archer Security Group, he is a trusted independent security and regulatory advisor for industrial control systems worldwide. Mr. Miller is also the founder, director and president emeritus of EnergySec and US. Coordinator for the Industrial Cybersecurity Center. Patrick's diverse background spans the Energy, Telecommunications, Water and Financial Services verticals including key positions with regulatory agencies, private consulting firms, utility asset owners and commercial organizations.

Close

Expo PresentationDE

Ragnar Thobaben

Presentation

Ragnar Thobaben

Associate Professor in Communication Theory

  • School of Electrical Engineering and Computer Science at KTH Royal Institute of Technology
  • Germany

Biography

Close

Expo PresentationUS

Rick K. Peters

Presentation

Rick K. Peters

Director, Operational Technology Global Enablement

  • Fortinet
  • United States

Biography

Rick affords the Fortinet OT-CI team more than 37 years of cybersecurity and global partnering experience working across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA). As Fortinet’s Operational Technology Global Enablement Director, working for Phil Quade (CISO), he delivers cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. Prior to Fortinet, Rick led development of cyber capability across Endpoint, Infrastructure, and Industrial Control System technologies. Previously, Rick also served as an executive leader supporting the Information Assurance Directorate at the NSA. Earlier in his career, he served in a broad range of leadership and Engineering roles including Chief of Staff for the NSA Cyber Task Force and a 5-year forward liaison charged with directing integration of cyber and cryptologic solutions for U.S. Air Force Europe, Ramstein AFB, Germany.

Close

presentationNL

Rik van Hees

Presentation

Rik van Hees

ICS Security Architect

  • Alliander
  • Netherlands

Biography

Rik has been working in an ICS / SCADA environment for 10 years as an engineer, security architect and currently as a security officer for grid operator Liander. He has strong knowledge in designing and securing ICS systems on both the strategical as operational side and risk management. He holds a BSc of Electrical Engineering with a specialization in electronics. In his spare time he likes to play guitar, produce music, hike with his dogs and travel the world.

Presentation

The good, the bad and the segmented with Erwin Kooi
Close

trainingDE

Stephan Beirer

Training

Stephan Beirer

Senior Consultant

  • GAI NetConsult GmbH
  • Germany

Biography

Stephan Beirer studied and received his PhD in physics. Since 2006 Mr. Beirer has been employed with GAI NetConsult GmbH as a senior consultant and is the Head of Industrial Control Systems Security since 2012. He advises clients on the development and implementation of organizational and technical security policies and controls, on implementing an information security management system (ISMS) according to IEC 62443, ISO/IEC 27001 and ISO/IEC 27019 and on business continuity planning. His professional focus is on securing process control and automation technology, especially in the field of energy supply. He gained his experience in more than 200 ICS security projects in the field of energy, transportation and industrial manufacturing. He is an active member of several national and international standardization committees at DIN, DKE, IEC and ISO and the editor of ISO/IEC 27019.

Close

presentationNO

William Middleton

Presentation

William Middleton

Senior Engineer

  • Siemens PD Solutions
  • Norway

Biography

William works with Siemens PD Solutions in western Norway providing networking and security advice and configuration for ICS projects and LM customers. He has an MLS degree in Computer Networking and Telecommunications, and holds professional-level certifications from Cisco Systems. William has more than 25 years of experience in IT and has worked for Motorola, Adobe Systems, and Telenor in Norway before starting with Siemens in 2013. He enjoys fishing, hiking and Bikram yoga.

Close