19th Annual
EnergySec Security &
Compliance Summit

July 22-24, 2024 | Anaheim, CA

Register Here
Call For Speakers
Prospectus

Speakers

Andrew Ginter
Andrew Ginter
At Waterfall Security, Andrew leads a team of experts working with the world's most secure industrial sites. He is the author of three books on industrial security, co-author of the IIoT SF and the UITP Guide to CyberSecurity in Tendering, and co-host of the Industrial Security Podcast.
Brian Pauling
Brian Pauling
I have served in a variety of executive, management and consulting capacities for over 25 years utilizing.my expertise to create, assess, and implement change across numerous industries and organizations, with a focus in the gas and electric utility industry. Most notably, my experience includes establishing and managing top tier NERC and corporate compliance departments, providing end to end compliance support (i.e., program development, program management, process design and implementation, RSAW documentation/review, internal controls program development and implementation, mock audits, audit support, penalty/sanction resoultion, etc.) to small and large utilities, and managing regulatory processes and relationships.
Jason Cromes
Jason Cromes
Jason Cromes is the Manager of the Identity Security organization at Southern Company. Over the past 2 years, he has built a high-performing team with considerable knowledge of on-premises and cloud identity including Auth & MFA, PAM, PKI, SOX, CIAM, mainframe identity and identity risk detection. Jason brings to his role 20 years of IT and OT experience across a broad range of infrastructure, telecom, cloud, application development, and security domains. He holds a B.S. in Computer Science from the University of Alabama and a Masters of Engineering from the University of Alabama at Birmingham.
Monta Elkins
Monta Elkins
EnergySec Cyber Security Professional of the Year 2018
SAN ICS Cyber Security Principal Instructor
Hardware Hacking Essentials Training Course Author
Supply chipping attack feature at wired.com
60+ Security presentations at conferences including, DEFCON, RSA, EnergySec, S4 CS3STLM, Bsides LV, GridSecCon, Hack the Capitol and many others
Matt Downey
Matt Downey
Mr. Downey serves as Vice President Energy and Supply Chain Sales with Fortress Information Security and is responsible for Fortress’ overall Sales effort within North American Energy Utility and adjacent markets. Matt has worked within the Energy industry for the past 26 years, having served in Customer-facing capacities with Datamatic, Inc, Elster-ABB, Space-Time Insight, and Nokia prior assuming his current role at Fortress. During this time, he has accrued vital experience listening to his Clients and tailoring specific solutions to their needs.
Nate Evans
Nate Evans
Dr. Nathaniel Evans is a senior cybersecurity researcher at Oak Ridge National Laboratory. He currently works on a variety of proactive cybersecurity projects involving critical infrastructure including the development of DOE’s Energy Threat Analysis Center. Nate created a cybersecurity assessment for critical infrastructure that is used heavily by DHS and has three R&D 100 awards for his research in proactive cybersecurity. Nate graduated with his PHD from Iowa State University and has had a variety of positions within industry and the National Labs.
Pierre Janse van Rensburg
Pierre Janse van Rensburg
With a keen will to continually deepen his knowledge, Mr. Janse van Rensburg’s career history highlights expertise and demonstrated skill sets in areas such as system security, support, administration and management, system / process development and implementation, team leadership, project management, consulting, training and mentoring. He has played key roles in the development of multiple organizations' Compliance and Cybersecurity Programs (NERC CIP, NIST CSF, IEC-62443), as well as ongoing maintenance. He provides consulting service in a wide range of cybersecurity projects including working with large industrial utilities such as BC Hydro, AltaLink, and ENMAX Power. Prior to joining BBA he was responsible for the day-to-day operational security of a large municipal utility T&D SCADA network. His proven ability to quickly grasp and master new technical concepts and technologies and responsibility in managing multi-level projects to fruition effectively make him a great asset to every team.
Matt Caves
Matt Caves
Matt Caves currently serves as the Corporate Compliance Officer and Vice President of Legal and Regulatory Compliance for Western Farmers Electric Cooperative (WFEC), a generation and transmission cooperative located in Anadarko, Oklahoma. Prior to joining WFEC, Matt spent almost 15 years as a state regulator and in private practice handling a wide variety of regulatory compliance, permitting, enforcement and litigation issues. Matt is a member of the Markets and Operations Policy Committee (MOPC) and Strategic Planning Committee (SPC) of the Southwest Power Pool (SPP) and serves on the Midwest Reliability Organization (MRO) Compliance Monitoring and Enforcement Advisory Council (CMEPAC). He also serves on the Oklahoma Department of Environmental Quality Air Quality Advisory Council (AQAC). Matt obtained his Bachelor of Science degree in Wildlife and Fisheries Ecology from Oklahoma State University and his Juris Doctorate degree from The University of Oklahoma, College of Law.
Manuel C. Maestas
Manuel C. Maestas
Control Systems Engineer skilled in the art of installing and programming control systems. I bring hands-on expertise, having successfully navigated concept-to-scale testing and commissioning projects. I'm skilled in grid modeling and simulation with RTDS's RSCAD FX, focusing on using data to implement advanced fault identification methods in the evolving power generation landscape. Some of my work includes configuring and testing hardware in-the-loop, which includes the installation and configuration of SEL devices (3555, 351, 735, 2488), Megger Amplifiers, inverters, and PLC systems. I also have experience with testing automated response methods and conducted vulnerability assessments on customer provided testbeds. I have helped mentor over 30 interns at a national laboratory.
Dennis Skarr
Dennis Skarr
Dennis is tenured faculty at Everett Community College (EvCC). Currently, Dennis is spearheading the development of an Industrial Cybersecurity Program at EvCC. Dennis brings over 10 years of experience from performing critical system assessments for the National Guard. His work covered diverse domains, including electrical utilities and voting systems.
Dennis Skarr recently created Inductive Solutions, a dynamic company specializing in content creation and gamified learning platforms for industrial cybersecurity. With a passion for education and technology, this effort also aims to bring educational videos and learning to a younger audience on digital literacy.
Rees Machtemes
Rees Machtemes
Rees is a professional electrical engineer with 20 years of industry experience. He’s designed power generation and transmission substations, automated a food and beverage plant, worked on private and government telecom projects, and supported data centers and OT hardware vendors. This led him to champion cyber-safe systems design and architecture.
Morgan King
Morgan King
At WECC, Morgan’s role as a Senior Technical Advisor, Cybersecurity is to assist registered entities in their security, compliance, and reliability efforts. He has also served as a NERC CIP Auditor for 11 years. Prior to these roles he was a Senior Network Security Administrator for EG&G Defense at the U.S. Army Chemical Weapons Depot, responsible for network security and maintaining DoD DIACAP accreditation.
Gregory Hale
Gregory Hale
Gregory has been the Editor/Founder of Industrial Safety and Security Source (ISSSource.com) for 14 years, reporting on Safety and Security in the manufacturing sector. He is also the founder of ICSSTRIVE, a manufacturing industry cybersecurity incident database. Prior to ISSSource, he was InTech magazine’s Chief Editor for 10 years.
Ryan Ferran
Ryan holds degrees in Mathematics and Computer Science, which has provided the basis for his career in multiple technical fields, including over 10 years in IT system administration. After moving to offensive security in 2016, Ryan has specialized in several facets of cyber security. As a senior penetration tester Ryan has worked to complete hundreds of highly technical penetration tests across a wide variety of industries including government, utilities, financial, healthcare, manufacturing, and higher education. He leads the physical security team and performs in-person social engineering testing and rigorous physical security audits. Ryan also has a focus on Operational Technology (OT) assessments and he has spent years mastering a thorough and delicate methodology to safely test organizations with OT considerations such as power companies, water treatment facilities, waste water facilities, and industrial manufacturing. These areas of specialization are his passion, helping to secure critical infrastructure that supports the everyday lives of all people provides the largest impact for the skills he has developed throughout his career.
David Bernstein
David Bernstein
David Bernstein has over 15 years of experience in emergency response, emergency management, and business continuity and resilience planning. He has supported clients in developing and overseeing enterprise resilience strategies with local and global footprints. In addition to strategic program development, David has also developed facility recovery plans and acted as a Subject Matter Expert (SME) to support COVID-19 safety and recovery efforts. Prior to being a consultant, he was an Emergency Manager in healthcare, leading initiatives spanning individual hospitals to multi-facility health networks. He has also acted as a strategic advisor on multi-agency initiatives at the local and regional level, including coalitions and consortiums ranging in size and scope. David holds internationally recognized credentials in Emergency Management and Business Continuity and brings significant experience in leading teams to develop corporate emergency response and business continuity programs, often from a ground zero start point.
Dan Harkness
Dan Harkness
Dan joined Argonne National Laboratory in 2009 and is currently group leader of Secure DevOps in the Strategic Security Sciences division. He and his team focus on proactively improving the state of cyber operations, creating better and more rapid cyber situational awareness, ensuring the security of critical infrastructure, evaluating the cyber impacts of emerging technologies, and protecting the security and prosperity of our national and global communities.
Eric Floyd
Eric Floyd
Eric has 25 years of experience in global business development, strategic partnerships, and consulting in the Industrial and Carrier markets, with lengthy stints at Samsung in Korea, Cisco in the Asia-Pacific region, and Microsemi in the US. Now based in Silicon Valley, Eric is responsible for building Keysight’s Industrial cybersecurity and network visibility business through technology partnerships, new solutions development, and strategic account engagement with utilities, manufacturing, and transportation organizations. Eric completed his MBA at UC Berkeley and his BA in Economics at the University of Virginia.
Kyle Jones
Kyle Jones
With a 15-year IT background, Kyle Jones transitioned to education, holding various roles, including Sr. Security Infrastructure Administrator. He possesses multiple CompTIA certifications and degrees in Network Engineering, Business and a Master in Information Assurance and Security. At Sinclair College, he's a Principal Investigator and a noted cybersecurity speaker in Ohio. His recognitions include IT Leader of the Year and Dayton's top 40 under 40, and he actively participates in the Ohio Cyber Reserves.
Mark Cooper
Mark Cooper
Mark B. Cooper, president and founder of PKI Solutions, has been known as “The PKI Guy” since his early days at Microsoft. Mark has deep knowledge and experience in all things Public Key Infrastructure (PKI), including Microsoft Active Directory Certificate Services (ADCS), PKI design and implementation, Internet of Things (IoT), mobile security, and encryption. PKI Solutions provides consulting, training, professional services, and assessments to help ensure the security of organizations now and in the future. At PKI Solutions, Mark and his team have implemented PKI solutions at enterprises, many of them Fortune 500 companies, in industries including energy, IoT, technology, healthcare, and financial services, as well as federal, state, and local government. Mark has also led hundreds of PKI trainings, including private trainings, across the country, and around the world—from Scotland to Buffalo, from Sweden to Washington, D.C.—and everywhere in between. He is also the primary instructor for our online PKI training courses. Prior to founding PKI Solutions in 2014, Mark was a senior engineer at Microsoft, where he designed, implemented, and supported ADCS environments for Microsoft’s largest customers and became the leading subject matter expert for ADCS and identity management. Mark developed and managed the Microsoft PKI Health Check to analyze and report on the design and management of PKI components and created Microsoft’s first consolidated set of PKI best practices. He authored several Microsoft whitepapers, including the specifications and deployment of ADCS on Microsoft Windows Failover Clusters. Mark has been working with Microsoft technologies since 1992 when he achieved his first MCP certification with Microsoft exam #001. He has subsequently earned the MCSE accreditation for every Microsoft operating system since Windows NT 3.51, and is a Microsoft Certified Trainer (MCT), Microsoft Security MVP, and Charter Microsoft Certified Master—Directory Services (MCM). In fact, for those with Microsoft MCM-Directory accreditation, Mark developed and most likely delivered the PKI portion of the training. You can reach Mark Cooper at hello@pkisolutions.com or follow him on Twitter at @ThePKIGuy
Sharla Artz
Sharla Artz
Sharla Artz serves as the Security and Resilience Policy Area Vice President for Xcel Energy where she manages the company’s national security strategic partnerships with our federal and state government partners. In this role, she works with utilities, government partners, and industry stakeholders to develop strategies that enhance the resilience of critical infrastructures. Previously, she served as the Senior Vice President of Government & External Affairs at the Utilities Technology Council, where she focused on bringing attention to cross sector interdependencies in critical infrastructure protection efforts. Ms. Artz was formerly the Director of Government Affairs at Schweitzer Engineering Laboratories, Inc. (SEL), where she established close working relationships with government officials, contributed insight for sound policy decision making, and was an advocate on the role of technology in grid resilience. Prior to joining SEL, Ms. Artz was the vice president of legal and government affairs for Genscape, Inc., developing business relationships for the company with federal entities. Ms. Artz was the assistant general counsel for the National Association of Regulatory Utility Commissioners, serving the 50 state utility commissioners on energy regulatory matters pending before the federal government. After receiving her juris doctor from Georgetown University Law Center, Ms. Artz spent four years on Capitol Hill, working on energy policy for a former member of the House Energy and Commerce Committee. Ms. Artz has a bachelor’s degree in sociology and psychology from the University of Tulsa, Oklahoma. She lives in Alexandria, Virginia, with her husband and two children.
Alex Trafton
Alex Trafton
Alex Trafton is a Senior Managing Director at Ankura based in Irvine, focused on national security, trade, and technology. He has over 15 years of experience in finance, risk management, and cybersecurity. He leads the NSTT information security services function and serves as a subject matter expert in cybersecurity program design, implementation, and assessment with a focus in foreign investment control and oversight (CFIUS), Defense Industrial Base (DIB) cybersecurity requirements, international trade control compliance program support (ITAR/EAR), and artificial intelligence (AI). He was named one of the top 50 cybersecurity consultants and leaders of 2023 by the Consulting Report.

Sponsors

Gold

Fortress. absolutely critical

Fortress is the AI-powered cybersecurity company, defending critical infrastructure, government agencies, and their supply chains against cyber threats and mission risks.
We know that the security and stability of our energy and utilities infrastructure is absolutely critical to sustaining our economy. We know our nation’s defenders deserve the best tools in hand to safeguard our way of life. Understanding third-party risk, illuminating and resolving vulnerabilities, and ensuring safe operation – these are the challenges we set out to solve. It’s Absolutely Critical.

Public Key Infrastructure is foundational to every enterprise. Yet, it’s often mismanaged, misunderstood, or outright missing from active consideration. At PKI Solutions, we understand that PKI is more than technology; it’s the key to greater security. From ideation to implementation, we provide assured advising to cut through PKI complexity. We elevate expertise with in-depth training suited to employee skill levels and strategic business objectives. We enable unprecedented perspective into PKI systems with monitoring software expanding visibility and elevating security.

No matter where an organization is in its PKI journey, we provide the guidance to secure everything that comes next.

PKI Solutions. The Certainty of Security.

Silver

siemens (logo)

Siemens’ technology empowers customers to transform the industries that form the backbone of economies: industry, transportation, buildings and grids. Siemens is well placed to help integrators and operators meet increasing cybersecurity demands as a vendor and single-source supplier of industrial automation and communication systems. Specifically for Critical Infrastructure communications networks, Siemens’ RUGGEDCOM hardware, software, and expertise is our best-in-class solution, purpose-built with power utilities in mind.

Keysight’s Network Visibility Solutions (NVS) deliver complete access to both OT and IT networks. Complete, real-time visibility starts with “tapping” networks to capture and copy traffic used in performance and security monitoring, incident response, forensics, and analysis. Keysight’s Network Packet Brokers aggregate, process, and deliver traffic data to OT security tools, filtering out traffic not relevant to SCADA security (such as CCTV video over IP traffic). Keysight partners with major OT asset detection and securityy companies including Nozomi Networks, Dragos, Forescout, Armis, and Waterfall. More information is available at https://getnetworkvisibility.com/industry/industrial/

Bronze

waterfall (logo)

Waterfall Security Solutions’ unbreachable OT cybersecurity technologies keep the world running. For more than 15 years, the most important industries and infrastructure have trusted Waterfall to guarantee safe, secure and reliable operations. The company’s growing list of global customers includes national infrastructures, power plants, nuclear generators, onshore and offshore oil and gas facilities, refineries, manufacturing plants, utility companies, and more. Waterfall’s patented Unidirectional Gateways and other solutions combine the benefits of impenetrable hardware with unlimited software-based connectivity, enabling 100% safe visibility into industrial operations and automation systems.

Archer is a critical infrastructure protection services firm providing the highest grade security, compliance and operational consultants in the business. Our specialists are individually selected for their diverse skill sets, deep knowledge of their industry and respective regulations as well as their productivity, professionalism and integrity.

Our roots go back to 2001, when our founding partners crossed paths at a large electric utility in the Pacific Northwest. At that time, cybersecurity was new to many in the energy sector and operational technology resilience was becoming more important than ever. Security and resilience were receiving increased attention from executive management, government officials, and other interested parties.

Critical infrastructure and industrial security has matured greatly since then.  Today Archer delivers unrivaled strategic and tactical advice in, but not limited to, cyber security, physical security, regulatory compliance, government affairs, witness preparation, disaster recovery, continuity of operations, emergency management, information technology, industrial controls systems, and training.

A Professional Services Company and Certified B-Corp based in San Francisco, California, BPM offers an extensive line of services where diverse perspectives, expansive expertise, and progressive solutions come together to create exceptional experiences for individuals and businesses around the world.

Cimcor’s CimTrak Integrity Suite is a comprehensive cybersecurity solution that rapidly detects unauthorized changes across various IT assets, enabling organizations to identify breaches in real time. CimTrak not only detects threats but also offers proactive protection through change prevention and automated remediation. By maintaining data integrity, ensuring operational continuity, and achieving and maintaining continuous compliance for over 50 regulatory mandates, CimTrak empowers businesses to strengthen their security posture and mitigate risks effectively.

Parsons (NYSE: PSN) is a leading disruptive technology provider in the national security and global infrastructure markets, with capabilities across cyber and intelligence, space and missile defense, transportation, environmental remediation, urban development, and critical infrastructure protection. Please visit Parsons.com and follow us on LinkedIn and Facebook to learn how we’re making an impact.

With decades of expertise built into our quality management and regulatory compliance software, the AssurX Platform helps organizations maintain quality management and compliance standards, streamline workflow, control risk and better manage any enterprise.

Breakfast

BSI Consulting offers comprehensive world-class solutions in environmental, health, safety (EHS), supply chain security, sustainability, and digital trust. Tailored to your needs, we enable you to accelerate progress and manage risk across your entire organization.

With 5,000 experts collaborating worldwide and serving 80,000 clients in 193 countries, we help foster excellence and progress towards a safe, secure, and sustainable world.

Clients rely on our world-class expertise, integrity, and results-driven approach to ensure business resilience within operations, supply chains, and information ecosystems. From certification, training, to advisory services and supply chain intelligence, BSI transforms best practice standards into habits of excellence.

With passion and expertise, we embed excellence in global organizations, influencing sectors like healthcare, built environment, food, retail, aerospace, automotive, and IT to enhance resilience and business performance.