For many years, Mikael Vingaard has been a familiar face at ISC-CPH – not only as a speaker and exhibitor, but also as a valued partner and member of our Advisory Board. With more than 25 years of experience in cybersecurity and the past decade dedicated to OT and industrial security, Mikael has become one of the industry’s respected voices on securing industrial control systems. As CEO and co-founder of ICS Range, he works to strengthen practical OT security skills through hands-on training in realistic industrial environments.
Ahead of ISC-CPH 2026, we caught up with Mikael to talk about the biggest challenges facing critical infrastructure, why developing people is just as important as deploying technology, and what makes ISC-CPH stand out from other cybersecurity events.
Can you briefly introduce yourself and tell us about your role and background in OT and industrial security?
I have worked with IT security for more than 25 years and have spent the last decade focusing on industrial cybersecurity and Operational Technology.
My work is centred around Industrial Control Systems (ICS) and SCADA environments, where I perform industrial penetration testing, vulnerability assessments, OT asset discovery, threat hunting, and security research. Over the years, I have also been involved in identifying and reporting vulnerabilities affecting industrial products and technologies.
I am co-founder of ICS Range, a 24/7 industrial cybersecurity training platform built around real OT and ICS environments. The platform is designed to provide hands-on training in realistic settings, allowing both newcomers and experienced professionals to develop practical skills without impacting live production systems. A large part of my work is focused on bridging the gap between traditional IT security and the operational realities of industrial environments.
What are the biggest OT security challenges facing critical infrastructure and industrial organizations right now?
One of the biggest challenges is still visibility. Many organisations do not have a complete overview of the assets connected to their OT networks, how those assets communicate, or the dependencies between systems. Without that visibility, it becomes difficult to assess risk, detect threats, and prioritise security efforts.
At the same time, the continued convergence of IT and OT environments is creating new attack paths. Many industrial systems were designed long before cybersecurity became a concern and remain in operation for decades. As a result, security improvements must often be implemented without affecting availability, reliability, or safety.
Another challenge is the growing OT security skills gap. However, I believe a significant part of the solution already exists inside many organisations.
The people operating and maintaining industrial environments already understand the processes, technologies, and operational realities of their organisations. That knowledge is extremely valuable and often more difficult to acquire than cybersecurity skills.
Rather than relying solely on external recruitment, organisations should focus more on developing internal capabilities. With the right training, practical exercises, and structured learning paths, operational personnel can build strong OT security competencies over time.
This is one of the areas we focus on at ICS Range. We see strong results when organisations take a long-term approach to capability development and enable their own people to grow into OT security roles. Building resilience is not only about technology; it is also about developing the people who already understand the environment they are protecting.
What are the 3 keynotes/workshops you are looking most forward to this year?
There are many strong sessions and workshops on the programme this year, making it difficult to highlight just a few.
I am particularly looking forward to the OT Reverse Engineering workshop by Sofia Rita Tocco and Alexander Victor Dybendal Koefoed. Reverse engineering and firmware analysis play an important role in industrial cybersecurity, and I expect the workshop to offer valuable practical insights.
More broadly, I am looking forward to the technical workshops, keynote sessions, and discussions with peers from across the OT security community. ISC-CPH has a strong programme this year, combining hands-on topics, real-world industrial case studies, and practical perspectives from operational environments.
What makes ISC-CPH different from other cybersecurity events?
ISC-CPH stands out because it focuses specifically on industrial cybersecurity and operational technology, rather than general IT security. The focus on ICS and SCADA environments makes the discussions highly relevant to real-world industrial operations, where safety, availability, and operational constraints are critical factors.
It brings together practitioners, researchers, asset owners, and vendors who are all working directly with OT security challenges. This creates an environment where the discussions are not only theoretical, but grounded in real operational experience from industrial environments.
What makes the event particularly valuable is the opportunity to exchange knowledge between people working hands-on with industrial systems, bringing together both offensive and defensive perspectives. This creates meaningful discussions and practical takeaways that attendees can apply in their own environments.
What is your nonconference recommendation of what not to miss while in Copenhagen?
Take your family to Copenhagen, it avery safe and welcomming city. Allocate some time to explore Copenhagen before or after the conference venue. The city offers a unique combination of history, culture, innovation, and quality of life. Whether it is a walk around Nyhavn and the waterfront, exploring the historic city centre, or enjoying the local food scene, there is plenty to experience while visiting the Danish capital.
Any good advice for someone joining the event for the first time? How do they get the most out of it?
Take advantage of the opportunity to meet people. The presentations are important, but many of the most valuable conversations happen during breaks, workshops, and networking events. OT security is still a highly specialised field, and ISC-CPH provides a rare opportunity to exchange experiences with practitioners facing similar challenges.
Ask questions, engage with speakers and fellow attendees, and don’t be afraid to share your own experiences. The more you participate, the more value you will gain from the event.
A big thank you to Mikael Vingaard for sharing his perspectives.
As a long-standing member of the ISC-CPH community, Advisory Board member, and trusted partner, Mikael continues to play an important role in helping shape conversations around practical OT security and capability building across the industry. We look forward to welcoming Mikael, the ICS Range team, and the rest of the industrial cybersecurity community back to Copenhagen this November. Read more about the conference and sign up today