Cyber security professional with more than 17 years experience developing and maturing organizations' security protection, detection and response capabilities.

Expertise in optimizing current security expenditures and tailoring solutions to address new threats. Technical Security Lead and Security Operations Coordinator for a Pharmaceutical CDMO with presence in various locations throughout North America and Europe.

I hold industry certifications including the: GIAC GRID, GDAT, GCTI, GNFA, GDSA, GPEN, GSNA, ISC2 CISSP, ISSAP, ISACA CISM, CISA.

I enjoy researching and keeping up on threats on my own time.

 

Manufacturing ICS Security Operations Strategies

The purpose of this presentation is to provide the audience with an understanding of strategies to defend Industrial Control Systems (ICS) networks related to manufacturing. Securing and monitoring for threats to ICS networks are impactful to manufacturing production as well as society which includes Pharmaceuticals, Medical Technology, Food & Agriculture. Security Operations must be tailored to the needs and related specialized systems. This includes areas where SOAR capabilities could fit.  Recent threats which apply will be discussed.

This presentation will provide a use case of a pharmaceutical enterprise to introduce where ICS networks could exist and apply to manufacturing.  Strategies will be provided for setting up and executing an incident response capability. This will include guidance on applying digital forensics concepts and tailoring to meet both quality and safety requirements common in manufacturing.

To help measure maturity, this will highlight a customized scoring tool specific to the subject while discussing rationale to customize from its original source. Assessment strategies will be provided specific to the tool and manufacturing. The tool will be demonstrated including visualizing results and figuring out what to tackle first. This guidance will rely on dependencies based on experience in establishing a Security Operations program.

As one of the first to achieve the GIAC Response and Industrial Defense certification, the strategies will align to the concepts and frameworks highlighted industry benchmarks including: SANS ICS 515 Active Defense and Incident Response, the MITRE ATT&CK ICS Framework, the SOC-CMM and NIST Cybersecurity Framework Manufacturing Profile.