Are your industrial automation and control systems (IACS) protected against malicious cyberattacks? These critical infrastructures are often run on outdated operating systems that hackers are increasingly gaining access to because of poor security. In the connected world we live in, every digital device is a potential vulnerability point and it is no longer a matter of whether you will be attacked, but when.
Join the International Society of Automation (ISA) for an elevated conference, focusing on expert discussions surrounding awareness and solutions for organizational threats/vulnerabilities based on the ISA/IEC 62443 series of standards. Endorsed by the United Nations and globally recognized, ISA/IEC 62443 is the world's only consensus-based series of industrial cybersecurity standards. This conference will provide you with a look into how the implementation of these standards can deliver a robust automation cybersecurity system so that you can quickly and efficiently respond to threats, while minimizing harm.
8:00 ET10:00 ET
Associate Laboratory Director, National and Homeland Security, Idaho National Laboratory
Biography: Mr. Zachary (Zach) Tudor is the associate laboratory director of Idaho National Laboratory’s National and Homeland Security (N&HS) directorate. INL’s N&HS is a major center for national security technology development and demonstration, employing 550 scientists and engineers across $300 million in programs. N&HS is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection, Defense Systems and Homeland Security missions. These missions include safeguarding and securing vulnerable nuclear material, enhancing the overall security and resilience of the nation’s infrastructure, and providing protective system solutions and heavy manufacturing of armor for national defense. N&HS supports major programs for the Department of Defense (DOD), Department of Homeland Security (DHS) and the Intelligence Community. Tudor was previously a program director in the Computer Science Laboratory at SRI International, where he served as a management and technical resource for operational and research and development cybersecurity programs for government, intelligence and commercial projects. He supported DHS’ Cyber Security Division on projects including the Linking the Oil and Gas Industry to Improve Cybersecurity consortium, and the Industrial Control Systems Joint Working Group. He has served as a member of the (ISC)2 Application Security Advisory Board and the NRC’s Nuclear Cyber Security Working Group, and vice chair of the Institute for Information Infrastructure Protection at George Washington University. Prior to SRI, Tudor led a team of cybersecurity engineers and analysts directly supporting the Control Systems Security Program at DHS, whose mission is to reduce the cybersecurity risk to critical infrastructure systems. Past assignments include on-site deputy program manager for the National Reconnaissance Office’s worldwide operational network, information security manager for the Secretary of Defense Chief Information Officer Enterprise Operations Support Team; security management support for the Centers for Medicare and Medicaid Services; and several senior level consulting positions including vice president of SAIC’s Enabling Technology Division, and senior manager for DOD programs at BearingPoint’s Security Practice. A retired U.S. Navy Submarine Limited Duty Electronics Officer and chief data systems technician, Tudor holds an M.S. in information systems concentrating in cybersecurity from George Mason University, where he also was an adjunct professor teaching graduate courses in information security. His professional credentials include the Certified Information Systems Security Professional, Certified Information Security Manager, and Certified Computer Professional.
10:30 ET10:45 ETAbstract: Join ISA and Jim Labonty as we take a look at Pfizer’s supply chain, where cyber risks have emerged and what they are doing to combat these risks.
Director, Global Head of Automation engineering, PGS Control System, OT Cybersecurity Lead, Pfizer
Biography: Jim is a process control & systems architect with subject matter expertise in process automation, network infrastructure, OT cybersecurity, information systems and manufacturing execution systems for the life science industry. He has been with Pfizer for 14 years, 11 of which he has been the director of global Automation engineering. Before Pfizer Jim spent time at Rockwell Automation and Eli Lilly and Company giving him a full background in Systems Architect and Control Engineering. He has two Bachelor degrees in Chemical Engineering and Electrical Engineering from the university of Maine and Rochester Institute of Technology respectfully. He then obtained a Master’s of Executive Management and Business Administration from Purdue University.
11:15 ET11:30 ET
ISA President, CEO, National Automation, Inc.
Biography: Steve is a licensed Professional Engineer (Texas, Kansas) and UK Chartered Engineer with technical development and management experience in process automation and business process re-engineering across multiple sectors.
He is a Fellow of the Institution of Engineering and Technology and former Chairman of Americas Regional Board, former Chairman of Control & Automation Technical & Professional Network.
He is the current president of ISA, Certified Automation Professional (CAP), former board member of Automation Federation, GIAC Global Industrial Cyber Security Professional (GICSP), GSX Certified Mission Critical Professional (CMCP), former Chair of Automation Federation's Cyber-security committee, member of ISA99 committee, and a published author on cybersecurity.
He currently works with companies like BP to improve their performance through the identification of process bottlenecks and the intelligent introduction of technology to remove them.
His specialties include Automation, remote monitoring, telemetry, SCADA, risk management, safety assurance, cybersecurity assurance, six sigma, business process analysis.
Formerly Senior Engineering Fellow, Honeywell
Kevin Staggs: Kevin has over 40 years of experience as an engineering fellow with Honeywell. He considers himself semi-retired right now as he is still doing a little freelance consulting. Kevin began working for Honeywell in 1976 and has seen them go through so many stages of innovation and change. He has a wealth of knowledge on their engineering sector and the implementation of those changes. Kevin has a Bachelor of Science from DeVry University in Illinois.
Chief Technology Officer, Admeritia GmbH
Sarah Fluchs: Sarah Fluchs is the Chief Technology Officers at Admeritia GmbH, which specializes in OT Security. With her role, she is driven by making OT Security doable. An engineer herself, Sarah is convinced that creating solid engineering methods speaking the language of automation engineers is key for OT Security. Sarah has a Bachelor’s degree in mechanical and process engineering and a master’s degree in automation engineering. As a scholar of the German Academic Scholarship Foundation and ThyssenKrupp throughout her studies, she’s gained process industries experience at ThyssenKrupp Industrial Solutions USA. Completing her master’s degree at the German Federal Office for Information Security, she helped develop the water utilities’ industry standard for IT Security. After joining Admeritia, Sarah continues her engagement for standardization at ISA99 / IEC TC65 and its German mirror committees, focusing on OT security engineering for smart manufacturing and security for safety. She perseveres in her effort to keep standards viable, throwing in her experience in implementing IEC 62443 and German critical infrastructure security standards with asset owners, integrators, and vendors.
Cybersecurity Risk Management Manager, Chevron
Ashish Shah Ashish is a cybersecurity and data privacy professional with over 18 years of experience. Has assisted multiple organizations in various industries in making strategic and tactical risk management decisions. He has been with Chevron for 9 years, but was with Deloitte, ExxonMobil, Arthur Anderson, and Geokinetics Inc giving him a wealth of knowledge in multiple industries and a primary emphasis on the oil and gas industry. Ashish is a Baylor University graduate with a Bachelor’s in Biology, a Master’s in Science and an MBA. He is very passionate about developing top notch training content and Cybersecurity Risk Management.
CAP Owner & Certified Automation Professional at Industrial Control System Security
Glenn Merrell: Glenn is a senior industry consultant applying extensive SME experience in Industrial Control Systems (ICS), automation, safety, Critical Infrastructure Protection (CIP), robotics. Mr. Merrell is an ISA Certified Automation Professional with over 35 years of cross-sector multi-discipline expertise in industrial control systems, possessing a wide expertise base in real-time control systems including but not limited to electrical, instrumentation, process, manufacturing, machine and factory automation, Safety Instrumented Systems (SIS), industrial networks, SCADA, IACS Cyber Security and many others.
Mr. Merrell has a wide range of cross-sector knowledge spanning many aspects of product and process development projects from stakeholder management, conceptualization through project deployment in North America and global regulatory environments. He has experience encompassing project management, hardware and software development, system testing, quality assurance and quality control, conformity in regulatory environments CFR/FERC/NERC CIP, system-production-product-process validation, hazard assessment/ risk mitigation, and process improvement. Mr. Merrell additionally performs European Union EC/CE compliance self-certification training and compliance in many areas of EU Directives involving ICS and the Machinery Directive. His client list covers Fortune 500 companies.
Digital Industries, Strategy & Technology Cybersecurity, Siemens AG
Dr. Kai Wollenweber is at Siemens Digital Industries responsible for the governance in the areas of cybersecurity standardization, regulation and conformity assessment. Since more than 20 years he held various positions in the field of security & safety in the industrial and aerospace & defense domains. Kai is an electrical engineer with a focus on data communications and has a doctorate in embedded security. Due to his membership in e.g. IEC, ISA99, CEN/CENELEC and DKE he is actively involved in the development of the IEC 62443 cybersecurity framework.
12:15 ETAbstract: Many organizations (especially very large ones) have established policies and procedures governing the IT security in their office environment; many of these are based on ISO/IEC 27001/2. Although it would be ideal to always select common controls and implementations for both IT and OT, organizations have been confronted with challenges in doing so. The ISA/IEC 62443 series explicitly addresses issues such as these; this helps an organization to maintain conformance with ISO/IEC 27001 through common approaches wherever feasible, while highlighting differences in IT vs. OT approach where needed. The presentation describes the relationship between the ISA/IEC 62443 series and ISO/IEC 27001/2 and how both standards may be effectively used within one organization to protect both IT and OT.
Industrial Cybersecurity Consultant, formerly Product and Security Officer, SIEMENS AG
Biography: Pierre worked for more than 40 years for SIEMENS AG, before retiring in 2020. He was responsible for Standards, Regulations, Certifications, while there as a product and security officer. He is very active within ISA having participated in the development of most of the documents of ISA/IEC 62443. He is also involved in multiple projects to implement the standard ISA/IEC 62443 within Siemens. He is currently still working on evolution of ISA/IEC 62443.
12:45 ETAbstract: Critical infrastructure like industrial automation and control systems (IACS) are prime targets for hackers due to poor, outdated security. Are your systems adequately protected? Join the International Society of Automation for a conference focused on the organizational threats and vulnerabilities based on the ISA/IEC 62443, the world's only consensus-based series of industrial cybersecurity standards. Learn how to implement these standards to respond to threats and reduce risk.
Sr. Global Solution Architect, Shape Security
Biography: Rob Roj, Senior Global Solutions Architect – Security at F5, has over 20 years of early stage start up experience with over 7 years within the Cybersecurity and Identity space. Before moving into his role at F5, Rob previously worked for Shape Security, joining the company when there were only three customers and has consulted with F500 companies on incorporating an authentication security strategy that spans across IT, Security, Fraud and User Experience disciplines.
13:30 ETAbstract: This presentation is inspired by a request for advice from a newly appointed CISO at an energy company. The new CISO was concerned at the difficulty in communicating with the automation engineers working on the industrial side of the company’s operations. They each seemed to exist in two different worlds and a common language and understanding was needed to bridge the gap. It became clear that the approach to cybersecurity based upon a computer science background was not adequate for an understanding of industrial automation and control systems where the main operation is not protecting the data but in monitoring and controlling a physical process. This presentation will explain with examples the peculiar cybersecurity aspects of industrial operations and discuss how the gap in understanding between the CISO and automation engineers can be remedied. The listeners (hopefully consisting of Enterprise IT/CISO and IACS specialists) should return to their workplaces with the sense of “playing” together as a team with a common understanding of industrial cybersecurity.
Research and Lessons Learned Division, NATO Energy Security Center of Excellence
Biography: Vytautas Butrimas has been working in information technology and security policy for over 30 years starting from his work as a computer specialist for Prince William County Government in Virginia, to his work on information society development as Vice Minister at the Ministry of Communications and Informatics, Republic of Lithuania. In 1998 he moved on to the Ministry of National Defense (MoND) as Policy and Planning Director where he chaired a task force which prepared Lithuania’s first National Military Defense Strategy. From 2001 to 2011 Mr. Butrimas worked as Deputy Director responsible for IT security at the Communications and Information System Service (CISS) under the MoND. In 2009 he chaired task forces which prepared the first MoND Cyber Defense Strategy and Implementation Plan. In 2007 (and again in 2012) the President of the Republic of Lithuania appointed him to the National Communications Regulatory Authority Council (RRT-Council). He served as Chief Adviser for the MoND of Lithuania with a focus on cyber security policy from 2011-2015 and served on a national task force that wrote the Lithuanian Law on Cybersecurity passed in 2014. In November of 2016 he was delegated by the Minister of National Defense to work as Cybersecurity Subject Matter Expert for the NATO Energy Security Center of Excellence (NATO ENSECCOE) in Vilnius where he completed a 2-year cyber risk study of the industrial control systems used in the NATO Central Europe Pipeline System. Mr. Butrimas has participated in NATO and National exercises that that have included cyber-attacks on critical infrastructure and creation of relevant exercise scenarios. He has also contributed to various reports on cybersecurity and critical infrastructure (for OSCE, EU ENISA, IEA, NATO and other org.), published articles and been an invited speaker at various conferences and trainings on Cyber Security and Defense policy issues. He is a member of the International Society for Automation, Co-chair of ISA 99 WG 10 TG 1 and co-moderator of the SCADASEC list. In 2020 he was re-delegated by the Ministry of Foreign Affairs, Republic of Lithuania to continue his service as national representative for industrial cybersecurity at the NATO ENSECCOE.
14:00 ET14:15 ET
Project Manager and Lead for the Secure Cyber-Energy Systems group, NREL
Biography: Tami Reynolds is a Project Manager and Lead for the Secure Cyber-Energy Systems group at NREL. She provides technical leadership in building out and marketing the Distributed Energy Resources Cybersecurity Framework (DER-CF) tool to industry and federal partners. She works closely with partners to develop a deep understanding of applying the Department of Energy (DOE) Cybersecurity Capability Maturity Model (C2M2) and National Institute of Standards Technology (NIST) Cybersecurity Framework to their renewable and distributed energy systems, for the evaluation of cyber and physical security. Reynolds provides leadership in developing the Distributed Energy Resource Risk Manager (DER-RM), an NREL tool that will address the NIST Risk Management Framework with a focus on distributed energy resources. She works closely with chief information officers and chief information security officers of private industry partners to conduct cybersecurity assessments in the electric sector, and she provides support to the U.S. Agency for International Development in developing cybersecurity programs in developing countries. Reynolds’s insight and innovative ideas on new efforts are helping to merge cybersecurity and resilience research.
Electronics Engineer, US Forest Service
Biography: Ted has 20 years of experience designing test equipment, display devices, and medical instrumentation for private industry. For 6 years before joining MTDC, Etter taught courses in the electronics technology program at the University of Montana College of Technology, Missoula, MT. His work at MTDC includes projects in wireless communications, alternative energy sources, instrumentation, and process control. Etter received a bachelor's degree in mathematics from the University of Oregon and a master's degree in teacher education from Eastern Oregon State University.
14:45 ET15:00 ET
Solutions Architect, Dragos Inc.
Biography: William Muschetto is an accomplished Information Technology professional, with over a decade of hands on technical experience; ranging from standard information technology operations within small and medium sized business, to management of large-scale datacenters; and nationwide network operations consisting of over 800 network routers and switches.
William is currently a GIAC Certified Incident Handler, and is an operator and professional of many security technologies. His primary focus is on industrial control systems cyber security and integrating technology solutions.
Having been with Dragos since November 2018, he has received several acclamations including the prestigious Dragos badass of the Year award in 2019.
Outside of work, William is a fitness fanatic who enjoys hiking and extreme sport activities such as ultra-marathons, mud runs, and obstacle courses.
As an Information Technology professional, he has demonstrated success by implementing strategic IT initiatives, which has proven to improve business functionality, performance and security. He is a technically savvy self-starter, adept at moving into new environments, and extrapolating from existing experience to quickly and fluently adapt to new technologies and deliver high quality solutions to end users.
15:30 ET15:45 ET
Cyber Program Director, US Department of Commerce: NIST Manufacturing Extension Partner, Manufacture’s Edge
Biography: Jennifer Kurtz works with entrepreneurs to build sustainable business practices and achieve compliance with information security standards like ISO 27001 and NIST 800-171. She has developed and taught graduate courses in cybersecurity at Regis University since 2011; authored Hacking Wireless Access Points: Cracking, Tracking, and Signal Jacking (2016) and a chapter of The Data Breach and Encryption Handbook (2011); written numerous articles on cybersecurity; and designed online cybersecurity courses for small businesses and individuals. Jennifer was IT manager for an international automotive manufacturer, project manager for the Indiana manufacturing extension partnership, and award-winning director of ecommerce for the State of Indiana. Through the Denver Metro and Pikes Peak SBDCs, Jennifer has co-led the Leading Edge for Transportation/Construction Industry program and the Growth Catalyst Business Coaching program. She holds an MBA and PMP certification.
16:15 ET16:30 ET
Industrial Cybersecurity Engineering Technology Coordinator, Idaho State University
Biography: Within Idaho State University’s Energy Systems Technology Education Center (ESTEC), Sean McBride runs the nation’s only 2 year, hands-on degree to specialize in defending industrial facilities from cyber attacks and incidents. Sean joined ISU after leaving FireEye, where he developed the firm’s Industrial Control Systems (ICS) security business strategy. Sean’s professional accomplishments include pioneering work in threat and vulnerability intelligence, which evolved into the DHS ICS-CERT, and co-founding Critical Intelligence to focus on the unique intelligence needs of industrial entities. Over the past decade, Sean has written extensively for his customers, provided expert analysis for the popular press, and briefed the results of his work at leading professional conferences such as RSA and S4. Sean earned an MBA in the NSA Scholarship for Service Program at ISU in 2006. He earned a Masters in Global Management from Thunderbird – Arizona State University in 2010.
9:00 ET
Security Engineering Manager, ITD, Johns Manville
Biography: Scott is an experienced IT/OT manager with a demonstrated history of working in both municipal and manufacturing environments with a focus in industrial cyber security. Passionate about IT/OT collaboration, workforce development, strategic planning, industrial cyber security, and development of reasonable and useful corporate standards for process control networks.
ICS Cybersecurity Advisor
Biography:Johan is an independent consultant specializing in industrial control systems and cybersecurity. He has recently retired from a major petrochemical company with more than 38 years of experience. By the end of his career, he rose to a level of Distinguished Engineering Advisor and had the role of ICS Cybersecurity Advisor. During his career, Johan designed ICS system architectures, created company standards and policies, implemented major ICS projects, supported ICS site engineers, and contributed to the design of several ICS products.
Principal Consultant, OIT Concepts, LLC
Biography: Eric provides advisory and consulting services in several areas related to the use of information technology in industrial applications, with a particular focus on industrial cybersecurity, management of complex portfolios of IT solutions, assessment and evaluation of commercial solutions and digital transformation. As a chemical engineer he initially worked as a process design engineer in the chemical industry. He was then given an opportunity to develop my interest and aptitude in the application of information technology (IT) to engineering-related processes, leading to assignments in areas such as operator interface software development, computer systems support, project management, industrial systems security, information technology architecture and strategic planning for a range of manufacturing and engineering disciplines and functions. He was the principal designer of a minicomputer based control system operator interface several years before such solutions were commercially available.
He has extensive experience in the management of the technology and solution life cycle of manufacturing operations and control systems, be they internally developed or purchased. This life cycle begins with specification and extends through assessment of alternatives, selection, procurement, implementation, integration, operation and support. The range of functionality includes process control and manufacturing execution solutions. In general terms his expertise lies at the intersection of information technology and manufacturing operations, with a particular focus on the process industries.
He has been responsible for the functional and technical architecture for a large operations and engineering IT portfolio, including process control, manufacturing execution, design engineering and process safety. This included leading and directing a team of system and technical architects. Since 2002 he has been heavily engaged in various areas of industrial information systems security. He was a founding member of the Chemical Sector Cyber Security Program of the American Chemistry Council (ACC) and the Chemical sector representative to the Industrial Control Systems Joint Working Group (ICSJWG). He is a founding member and the current co-chair of the ISA99 committee on industrial automation and control systems security, which is responsible for the development of the IEC/ISA-62443 standards. He has served as the Vice president of Standards and Practices Executive Board member at the International Society of Automation (ISA) and am the 2020 President of the society.
CAP, Owner & Certified Automation Professional at Industrial Control System Security
Biography:Glenn is a senior industry consultant applying extensive SME experience in Industrial Control Systems (ICS), automation, safety, Critical Infrastructure Protection (CIP), robotics. Mr. Merrell is an ISA Certified Automation Professional with over 35 years of cross-sector multi-discipline expertise in industrial control systems, possessing a wide expertise base in real-time control systems including but not limited to electrical, instrumentation, process, manufacturing, machine and factory automation, Safety Instrumented Systems (SIS), industrial networks, SCADA, IACS Cyber Security and many others.
Mr. Merrell has a wide range of cross-sector knowledge spanning many aspects of product and process development projects from stakeholder management, conceptualization through project deployment in North America and global regulatory environments. He has experience encompassing project management, hardware and software development, system testing, quality assurance and quality control, conformity in regulatory environments CFR/FERC/NERC CIP, system-production-product-process validation, hazard assessment/ risk mitigation, and process improvement. Mr. Merrell additionally performs European Union EC/CE compliance self-certification training and compliance in many areas of EU Directives involving ICS and the Machinery Directive. His client list covers Fortune 500 companies.
Director, Cyber Experience Global Product Security, Johnson Controls
Biography:Kevin has over 40 years of experience as an engineering fellow with Honeywell. He considers himself semi-retired right now as he is still doing a little freelance consulting. Kevin began working for Honeywell in 1976 and has seen them go through so many stages of innovation and change. He has a wealth of knowledge on their engineering sector and the implementation of those changes. Kevin has a Bachelor of Science from DeVry University in Illinois.
Lead Security Architect, Product Security Leader at Johnson Controls
Biography:With over 30 years of broad professional experience in software engineering, John is a recognized leader and mentor with experience in both new and maintenance development scenarios. Over the years, he has applied his skills in several industries including; Pulp & Paper, Oil & Gas, Cement, Identification & Marking and HVAC. John executes at a high level of technical diversity and depth of skill, working to drive results that exceed business objectives. John is a lifelong learner with a passion to pursue broad system development activities with an emphasis on leadership, security and inter-connectivity.
9:45 ET10:00 ET
Managing Director ASCI, ISA
Biography: Andre is an ISA staff leader for industry consortia that promote standards, programs and practices resulting in trusted and secure automation and control systems that affect our everyday lives. He promotes and oversees the ISASecure program, a global cross-industry IEC 62443 cybersecurity conformity assessment scheme for building management systems and industrial automation securing the supply chain for critical infrastructure automation through standards-based certifications. He helps established an expanding ISO/IEC 17065 accredited certification lab network to certify control systems cybersecurity; lab headquarters are currently located in Europe, Asia-Pacific and, North America with coverage for all regions around the globe.
He is currently the director of the International Society of Automation Global Cybersecurity Alliance with a mission to bridge the gap between the published ISA/IEC 62443 cybersecurity standards and the adoption and implementation of the practices described in the standards.
He manages a second industry consortium that promotes the use of wireless technology in industrial systems and IOT devices to improve safety, efficiency and, performance of operations at manufacturing sites around the globe based on the IEC 62734 international wireless standard.
10:30 ET10:45 ETAbstract: Most cyber risks and events are associated with the compromise of endpoints or commodity systems, HMIs, Historians, AD servers, EWS, and technician laptops. This means we need to be considering these endpoints vs. merely monitoring network traffic when treating cyber-risk down to tolerable levels for the organization. The IEC 62443 standards have high-level, concentrated advice, but in comparison to NIST-SP technical requirements, it is not as clear because 62443 was designed to be highly agnostic and applicable to many industries.
When looking at the 62443 foundational requirements (FR) and security requirements (SR), many can be found within a cybersecurity program or tweaked to focus on endpoints and fulfilled using technology. Security continuously degrades and audits/remediation require resources, but security controls per asset can be implemented and monitored so OT systems management (OTSM) teams can get ahead of the problem (where possible) using the correct solutions.
This session is about mapping endpoint security capabilities to those outlined in the 62443 family, using multiple products to tie FR/SRs together, and how to gain visibility on gaps, security-level (SL) variances, etc. via a centralized platform strategy that enables teams to act. Attendees will walk away with:
An introduction to the 62443 FR/SRs with respect to endpoint security
A mapping of FR/SRs to the various capabilities or products out there
An example of an HMI “blueprint” with a specific target security level (SL-T)
An example illustrating variance between an achieved security level (SL-As) vs. the desired SL-T via a compliance strategy
An example dashboard report showing overall results as a feedback system for your CSMS
Next steps to expanding this concept
CEO, Verve Industrial Protection
Biography: John leads Verve's mission to protect the world’s infrastructure. He brings 20+ years of experience from McKinsey & Co. advising large companies in strategy and operations. John's committed to helping clients find the lowest cost and simplest solutions.
Director of Customer Success, Verve Industrial
11:15 ETCertificate for completing all modules and passing the exam
12:00 ET12:15 ETAbstract: Learn why the biggest risks in your security strategy could be posed by the devices you're shipping, in this informative presentation by Finite State. Watch to discover how the Finite State platform is helping manufacturers understand their risks and take a proactive approach to product and connected device security.
Sr. Director Product Development, Finite State
Biography: Jeanette Sherman believes that technology achieves more when customers and companies speak each other’s language. As a Director of Product Management at Finite State, she works to tell customer stories to Finite State’s teams — and to tell Finite State’s technology story to the customers who need it most. Jeanette has a long career in product marketing and copywriting, including work for Intel, Avalara, and several early-stage startups
11:00 ET
Director, Global Education and Outreach
Biography: Geri is a Senior Global Strategy and Operations Executive with over 25 years of experience in Information Technology (IT). She has built a successful career in partnerships, alliances, sales, business development, organizational development and process transformation from small startups o fortune 500 companies.
She is passionate about workforce development, having volunteered in the classroom for sev4ral years to teach STEM courses and align with organizations to promote awareness across diverse constituencies.
Geri is currently the Director of Global Education and Workforce Development at ISA where she focuses on promoting education initiatives for Industrial Cybersecurity and Automation. She is excited to be involved in the digital transformation journey including the convergence of IT and OT and creating awareness and interest in the associated career opportunities.
17:00 ET17:30 ET
Biography: Over his thirty-plus year career, Andy has spearheaded world-class security development initiatives and provided Next Generation solutions as an Enterprise Architect in the Process Automation industry. An industry-recognized authority on Cybersecurity, Andy currently works at a multi-billion dollar energy management and Fortune Global 500 company, where he acts as the Industrial Automation Product Security Officer, architects and drives next-generation ICS solutions, delivers and executes the cybersecurity roadmap, and manages strategic partnerships with multiple global corporations. His expansive knowledge has attracted audiences with multiple high-level government security agencies worldwide. He has provided security briefings to the White House National Security Council and the State Department. Holder of multiple patents and sought-after speaker on Process Automation and Cybersecurity, Andy has remained at the forefront of his field, with the level of expertise to see and impact big picture challenges in both world-class corporate and government sectors.
