Program
Time | Main Track | Danish Track |
---|---|---|
8:00 | Welcome – Registration, networking and breakfast. Register at the conference reception and receive your nametag and conference material. Enjoy a breakfast buffet with coffee and tea. | Welcome to Industrial Security Conference. Handout of name tags and delegate material. Enjoy a light breakfast with coffee and tea. |
9:00 | Introduction to the conference and today’s program. Chairman James R. McQuiggan, Security Awareness Advocate, KnowBe4, introduces the conference and today’s program.
James R. McQuiggan
Security Awareness Advocate, KnowBe4
| Introduction to the conference and today’s program. Introduction by chairman Peter Frøkjær, Senior Security Architect, Vestas & President, ISACA Denmark
Peter Frøkjær
Senior Security Architect, Vestas, & President, ISACA Denmark
|
9:05 | Strengthening Governance, Risk and Compliance in OT Security. Technical Level: Intermediate. In this presentation, we will discuss how to identify OT Cyber-Physical Risks and build resilient compliance frameworks that are not a one-time effort but a continuous process. In this session, we will explore best practices for ongoing monitoring, risk assessment, and mitigation, integrating compliance checks designed to help ensure that organizations stay ahead of both regulatory changes and the shifting threat landscape.
Saltanat Mashirova
OT Cybersecurity Lead, CPX
| Preparedness and protection of Danish critical infrastructure
Torsten Schack Pedersen
Minister for Societal Security and Preparedness, Ministeriet for Samfundssikkerhed og Beredskab
|
9:30 | Networking break with refreshments | |
9:50 | Short Break | |
10:00 | Safety-Critical Cloud-Based Systems – a survey of design options. Technical Level: Advanced. Delegates will learn: key risks in cloud and AI-based safety-critical systems, design patterns to mitigate these risks, and security trade-offs and recommendations for different criticality levels.
Andrew Ginter
VP Industrial Security, Waterfall Security
| What is the threat to Danish critical infrastructure?
Jakob Witt
Head of Section, Threat Assessment Unit, Styrelsen for Samfundssikkerhed
|
10:40 | Refreshments and networking | |
11:10 | Implementing Secure-By-Design Frameworks in OT Environments. Technical Level: Intermediate. In this session, we will discuss the importance of OT security-by-design, how security should be injected throughout the production lifecycle, and share a case study and lessons learned from a recent real-world implementation.
Hatteras Hoops
OT Security Delivery Lead, Europe, Booz Allen
| Supervisory experience from Energistyrelsen’s implementation of NIS2
Jesper Rode Tholstrup
Head of Division, Energistyrelsen
|
11:50 | Mastering OT Decryption Before It’s Too Late. Technical Level: Intermediate / Advanced. You will learn why decryption is essential for modern OT networks, how to address the visibility blind spots introduced by encrypted traffic, common misconceptions about OT decryption, and actionable strategies for implementing decryption without compromising uptime or performance.
Neil Wilkins
EMEA Technical Manager, Garland Technology
| Cyber Resilience Act: Legal requirements and compliance. The Cyber Resilience Act (CRA) is a new EU regulation that sets legal requirements for the cybersecurity of digital products and services made available in the EU. The talk walks through the legal requirements of the CRA, focusing on which products and services are covered and how companies should ensure compliance, e.g. with regard to the requirements for documentation, risk management, security updates and supplier management.
Emil Bisgaard
Partner, Poul Schmidt / Kammeradvokaten
|
12:30 | Lunch and networking | |
13:30 | Is the energy sector Cyber Secure in 2025? Technical Level: Beginner. This is DNV’s third Energy Cyber Priority report. Research was carried out between September 2024 and January 2025. Survey respondents represent a range of functions within the industry, including those with in-depth knowledge of cybersecurity along with general managers and C-suite executives.
Boye Tranum
Director Cyber Security, DNV Cyber
| Lessons from a ransomware attack, from a municipality. Karl Johansen, mayor of Klaksvík Kommune in the Faroe Islands, describes what it was like to be attacked by ransomware.
Annilisa Arge Klevang, Chief Consultant, North Atlantic at Samsik, covers the ransomware threat, how the hackers broke in, and what can be done to reduce the risk of ransomware.
Karl Johansen
Mayor, Klaksvík Kommune
Annilisa Arge Klevang
Chief Consultant, North Atlantic, Styrelsen for Samfundssikkerhed
|
14:10 | Short break | |
14:20 | Challenges in Bringing Cybersecurity to Rail Operational Systems. Technical Level: Beginner. You will gain a foundational understanding of the rail-specific threat landscape and learn how tailored cybersecurity strategies can improve resilience across the industry.
Omar Benjumea
Field CISO & Business Development, Cylus
| From reporting to technical solution. Technical Level: Intermediate. Experience from Denmark’s first CVE Numbering Authority (CNA) in building a central point of contact where information about vulnerabilities in the manufacturer’s product can be reported and received securely.
Anette Svendsen
Compliance Manager, Secomea
|
15:00 | Refreshments and networking | |
15:25 | Seeing the forest for the trees – Tracking the evolution of 15 years of malicious behavior on OT/ICS. Technical Level: Intermediate. Fifteen years after Stuxnet, OT/ICS threats have evolved far beyond state-sponsored malware. This session tracks the broader landscape of malicious activity, from ransomware on engineering workstations to botnets targeting industrial routers. Using new data from honeypots and malware repositories, we highlight the real-world threats asset owners face today—often overlooked in favor of high-profile attacks. Learn how attackers exploit perimeter devices, abuse OT protocols, wipe critical data, and infect legitimate OT software.
Daniel dos Santos
Head of Research, Forescout
| How can we ensure cyber resilience in our power grid – now and in the future? Technical Level: Beginner/Intermediate. In this session, Amalie Lønning from Siemens will present some of the biggest challenges ahead, such as the current threat landscape when working with both old and new power grids. You will also get a quick reality check on the convergence of OT and IT, which is a prerequisite for cybersecurity, and the main results of a broader survey: how far along are DSOs and TSOs in the Nordics with cybersecurity?
Amalie Lønning
Cybersecurity Portfolio Manager - Nordics, Siemens
|
16:05 | Short break | |
16:15 | Imposing a Cost on the Adversary, not yourself. Technical Level: Intermediate. The realization that Critical National Infrastructure is at the point of a Hybrid War is apparent, with the well-publicised outcomes. Delivering an appropriate and proportionate Cyber solution into the Cyber Physical Environment requires careful consideration to ensure the functional integrity of the protected Assets. This talk looks at how a Balanced Approach, founded on IEC-62443, has been used to impose a cost on the adversary which is viewed as an operational benefit and not a burden (cost). Delegates will learn how the foundational requirement of IEC-62443 has been delivered from a Governance Perspective and an Operational Perspective whilst driving our Strategic Objective from the project itself.
Umberto Cattaneo
Europe Regional Cyber Security Business Consultant Lead, Schneider Electric
| Kenneth and the OT Security Monopoly. We help you with your OT security dilemma – LIVE ON STAGE … the best dilemma will be rewarded!
Rene Levin
CISO, Fjernvarme Fyn
Mikael Vingaard
Senior OT Security Consultant, ICSRange
Morten Kromann
Head of Product Development Special Projects, Grundfos
Jens Christian Vedersø
Head of Cyber Risk Management, Vestas
Kenneth B. Jørgensen
Owner, KCERT
|
17:00 | The chairman provides a summary of the day’s agenda and key learning outcomes
James R. McQuiggan
Security Awareness Advocate, KnowBe4
| The chairman wraps up the first day of the conference
Peter Frøkjær
Senior Security Architect, Vestas, & President, ISACA Denmark
|
17:10 | Networking reception. A networking reception with refreshments, offering the opportunity to connect with our partners. |
Time | Main Track | Workshop 1 | Workshop 2 |
---|---|---|---|
8:00 | Welcome to Day 2 at ISC-CPH. Enjoy a light breakfast buffet, coffee and tea, and network with your security colleagues. | ||
9:00 | Introduction to today’s program. Chairman James R. McQuiggan, Security Awareness Advocate, KnowBe4, introduces today’s program.
James R. McQuiggan
Security Awareness Advocate, KnowBe4
| ||
9:10 | Hunting at scale, identifying Internet connected OT devices. Technical Level: Intermediate. You'll walk away with new insights on the vast number of OT-species out there, and why we believe they should migrate away from the internet. Are you ready to join the expedition?
Erwin Paternotte
Senior Technical Threat Analyst, NCSC-NL
Niels van Eijck
Senior Technical Threat Analyst, NCSC-NL
| Workshop: Expanding the Horizon of IDS. Technical Level: Beginner/Intermediate. This workshop provides a hands-on introduction to Intrusion Detection Systems (IDS), focusing on network-based IDS (NIDS). In this session you will get an introduction to IDS.
K. Reid Wightman
Vulnerability Researcher, Dragos
Oscar Delgado
Senior Industrial Consultant, Dragos
| |
9:50 | Short break | ||
10:00 | Study on High Impact Scenarios with ESCIM. Technical Level: Intermediate. Learn how ESCIM supports training, incident preparedness, and alignment with the NIST framework for effective response and recovery.
Maite Carli García
Communication Manager & European CCI Coordinator, CCI – Industrial Cybersecurity Center
| Workshop 1: OT Network Segmentation – From Planning to Implementation. Technical Level: Intermediate. Workshop Overview: This full-day workshop provides a comprehensive approach to OT network segmentation, addressing both strategic planning and technical implementation. The session is divided into two parts.
Tony Turner
VP of Product, Frenos
| Lab 1 – Setting Up a Basic IDS. Key takeaways: Installing and configuring Zeek, installing and configuring Suricata, installing and configuring ELK, and preliminary testing.
K. Reid Wightman
Vulnerability Researcher, Dragos
Oscar Delgado
Senior Industrial Consultant, Dragos
|
10:40 | Refreshments and networking | ||
11:10 | Smart Systems, Smarter Threats. Technical Level: Beginner. Key insights include shifting from domain-based risk to business-driven criticality, building a shared risk language, and creating adaptive, audit-ready processes that are both practical and strategic.
Hedvig Måreng
OT Security Consultant, Ørsted
| Requirements Development and Resource Planning. Key takeaways: Developing technical requirements for OT firewalls based on operational needs, performance considerations for industrial environments, staffing and skills assessment for implementation and maintenance, and budgeting and procurement considerations.
Tony Turner
VP of Product, Frenos
| Theory – Analyzing IDS Logs & Alerts. Key takeaways: Generating alerts with simulated attacks, generating logs via PCAPs, understanding Snort and Suricata alert logs, analyzing Zeek logs for deeper network insights, and visualizing results in Kibana.
K. Reid Wightman
Vulnerability Researcher, Dragos
Oscar Delgado
Senior Industrial Consultant, Dragos
|
11:50 | Emergency Response Drills in Practice for Power Generation. Technical Level: Beginner. In the talk we will give you insight into why we did it, how we did it, pros and cons, and key learnings.
Lars Erik Smevold
Security & Process Control Architect, Statkraft
| Project Planning and Communication. Key takeaways: Creating an implementation roadmap with realistic milestones, identifying and managing stakeholders across IT and OT domains, developing communication plans for technical and non-technical audiences, and change management strategies for security implementations in OT.
Tony Turner
VP of Product, Frenos
| Lab 2: Traffic Analysis with Zeek. Key Takeaways: Case 1 Presentation, extracting and analyzing HTTP, DNS, and SSH activity, and identifying suspicious patterns in logs.
K. Reid Wightman
Vulnerability Researcher, Dragos
Oscar Delgado
Senior Industrial Consultant, Dragos
|
12:30 | Lunch and networking | ||
13:30 | Staying on course in a volatile environment: OT security in complex large-scale HVDC projects – a real-life example. Technical Level: Intermediate. Learn how Amprion develops and adapts OT security requirements, integrates new regulations mid-project, and addresses the complexity of unmanned offshore stations. Real-world lessons and project management insights will be shared from the BorWin4/DolWin4 and BalWin1/BalWin2 initiatives.
Simon Gustafson
Information Security Manager, Amprion GmbH
Jan Grotelüschen
Senior Consultant, GAI NetConsult GmbH
| Workshop 2: Hands-On Implementation Lab. Technical hands-on session for security practitioners. Key takeaways: Lab Environment Setup and Baseline Configuration.
Tony Turner
VP of Product, Frenos
| Theory – Advanced IDS Techniques. Key takeaways: Customizing IDS rules, advanced rules (sticky buffers/preprocessors and how they work), asset identification, optimizing rules, and bypassing and evading IDS.
K. Reid Wightman
Vulnerability Researcher, Dragos
Oscar Delgado
Senior Industrial Consultant, Dragos
|
14:10 | Short Break | ||
14:20 | You’ve Scored It – Now What? Data Needs for Effective Remediation. Technical Level: Intermediate. This session will cover how remediation data differs from vulnerability data, the complexities and interdependencies of the landscape, and initiatives to standardize its reporting and distribution. Finally, it will discuss how this data can be used within an organization to support the vulnerability and patch management process.
Kylie McClanahan
CTO, Bastazo
| Protocol-Specific Rule Implementation. Key takeaways: Analyzing and configuring rules for common industrial protocols, implementing deep packet inspection for industrial protocols, configuring stateful inspection for TCP/IP-based communications, and creating exceptions for legacy systems and protocols.
Tony Turner
VP of Product, Frenos
| Lab 3: Threat Hunting with IDS. Key Takeaways: Case 2 Presentation, simulating real-world attacks, investigating alerts and updating rules, and correlating IDS logs with external threat intelligence.
K. Reid Wightman
Vulnerability Researcher, Dragos
Oscar Delgado
Senior Industrial Consultant, Dragos
|
15:00 | Refreshments and networking | ||
15:25 | Battling Cyber Threats and Addressing Evolving Regulation: A Harmonized Strategy for Safeguarding Battery Energy Storage Systems. Technical Level: Beginner/Intermediate. This presentation will provide an overview of the complexity in cyberspace, the cybersecurity challenges faced by battery energy storage systems, and opportunities for solutions through cybersecurity, engineering and supply chain controls.
Katherine Hutton
Product Manager, Cybersecurity, Fluence
| Testing and Validation. Key takeaways: Methodologies for testing firewall configurations without operational disruption, using packet capture tools to verify firewall behavior, protocol compliance testing, introduction to digital twins for modeling and simulation, and simulating common attack vectors to verify protection.
Tony Turner
VP of Product, Frenos
| Theory – Performance. Key Takeaways: IDS general considerations and Dalton analysis.
K. Reid Wightman
Vulnerability Researcher, Dragos
Oscar Delgado
Senior Industrial Consultant, Dragos
|
16:05 | Short Break | ||
16:15 | OT systems migration, virtualisation and re-engineering under enemy fire. Technical Level: Intermediate. At the beginning of the Russian invasion of Ukraine, many critical systems that were expected to be priority targets were moved… elsewhere. This session will analyse the experience of migrating critical systems away ASAP under fire, based on experience in the Ukrainian power grid, telcos and defence, ranging from simple lift-and-shift to massive re-engineering. More importantly, we will look at how these systems in their new states evolved over the last 2-3 years, which important challenges had to be addressed, and what to prepare for in critical situations like those Ukrainian CNI operators had to face.
Eugene Pilyankevich
CTO, Cossack Labs
| Wrap-up & Q&A. Recap of key takeaways, next steps: fine-tuning IDS, integrating with SIEM, and resources for further learning.
K. Reid Wightman
Vulnerability Researcher, Dragos
Oscar Delgado
Senior Industrial Consultant, Dragos
| |
16:55 | The chairman provides a summary of the day’s agenda and key learning outcomes
James R. McQuiggan
Security Awareness Advocate, KnowBe4
| ||
17:10 | Walk & Talk. Choose between 5 security topics and spend an hour walking in beautiful Copenhagen, while networking with your peers. | ||
18:10 | Networking reception. A networking reception with refreshments, offering the opportunity to connect with our partners. | ||
18:40 | Dinner & networking (Requires separate signup). Buffet-style 3-course dinner designed to foster networking, inclusive of three beverages and coffee. |
Time | Main Track | Workshop 1 | Workshop 2 |
---|---|---|---|
8:00 | Welcome to Day 3 at ISC-CPH. Enjoy a light breakfast buffet, coffee and tea, and network with your security colleagues. | ||
9:00 | Chairman James R. McQuiggan introduces today’s program
James R. McQuiggan
Security Awareness Advocate, KnowBe4
| ||
9:10 | Hazard Analysis: A Critical Systems Study on Passenger Ropeways. Technical Level: Intermediate. Explore the safety implications of modernizing automation in chairlift systems through a case study of passenger ropeways. Topics include system interdependencies, AI/ML impacts, IT data flows, lifecycle and supply chain considerations. Discussion will also include the effects of energy efficiency and carbon reduction efforts on safety systems. Learn practical strategies for integrating modern tech while maintaining regulatory compliance and operational safety.
Sean R. Bouchard
CEO, XenonCyber Dynamics
| Workshop 1: Based on network visibility, what can we learn about activity of interest. Technical Level: Intermediate. In the first part of this workshop, we will walk through investigative examples, then explain the background behind network objects, allowing for their further investigation.
Joe Slowik
Director, Cybersecurity Alerting Strategy, Dataminr
| Workshop 1: Secure Communication with OPC UA. Technical Level: Intermediate. This hands-on workshop offers a deep dive into OPC UA and its role in enabling secure communication in industrial environments. Participants will learn how to configure OPC UA for secure data exchange and experience the difference firsthand through practical exercises.
Kenneth B. Jørgensen
Owner, KCERT
Jesper Kristiansen
Technology Specialist, Siemens
|
9:50 | Short Break | ||
10:00 | Lessons learned from OT incident response. Technical Level: Beginner/Intermediate. In this talk, we will cover the similarities between IT and OT incident response, the unique considerations for IR in OT environments, and proactive steps that you or your teams can take to prepare for an OT incident.
Marie Moe
Principal Consultant, Mandiant, Google Cloud
| Based on network visibility, what can we learn about activity of interest. In the second part of the workshop, we will dig into more complicated examples and highlight various resources that can be used to enrich and analyze network objects.
Joe Slowik
Director, Cybersecurity Alerting Strategy, Dataminr
| Secure Communication with OPC UA. Key Takeaways: Hands-on, encrypted OPC-UA visibility and round-up. Part 2 of the workshop: Secure Communication with OPC UA.
Kenneth B. Jørgensen
Owner, KCERT
Jesper Kristiansen
Technology Specialist, Siemens
|
10:40 | Refreshments and networking | ||
11:10 | Breaking Without Bricking: Safe Vulnerability Research in OT Environments. Technical Level: Beginner/Intermediate. You will gain new insight, combined with a practical demonstration of why some previous restraints may be overcome by using this approach.
Mikael Vingaard
Senior OT Security Consultant, ICSRange
Jens Nielsen
Senior OT Security Researcher, ICSRange
| Workshop 2: Understanding OT Networks & Unfold the OT Network Jungle. Technical Level: Intermediate. This training focuses on the dynamic nature of OT networks and how to improve visibility using practical, open-source tools. Participants will learn how to identify devices, map data flows, and spot blind spots in OT environments.
Martin Scheu
OT Security Engineer, Switch
| Workshop 2: Hardening for ICS – How to reduce attack vectors. Technical Level: Intermediate. This workshop on hardening gives insight into the various aspects of a hardening process: the ins and outs of hardening, how to perform it, why the hardening settings concerned are important, and what to strengthen to reduce potential attack vectors.
Dieter Sarrazyn
Industrial Security Advisor, Secudea
|
11:50 | Lunch and networking | ||
12:50 | Empowering women in cybersecurity. Saltanat Mashirova will lead a panel this year with a focus on empowering women in cybersecurity.
Anette Svendsen
Compliance Manager, Secomea
Katherine Hutton
Product Manager, Cybersecurity, Fluence
Marie Moe
Principal Consultant, Mandiant, Google Cloud
Kylie McClanahan
CTO, Bastazo
Saltanat Mashirova
OT Cybersecurity Lead, CPX
| OT Network Security Monitoring. Key takeaways: Risk-based approach to choosing monitoring points, collecting and forwarding traffic, inter-zone visibility, IT/OT bridge, edge device discovery, outside view, OT Network Security Monitoring and its limits, and testing and validating. Second part of the workshop: Understanding OT Networks & Unfold the OT Network Jungle.
Martin Scheu
OT Security Engineer, Switch
| Hardening for ICS – how to reduce attack vectors. Part 2. Key takeaways: Hardening step by step – starting from backup to a basic hardened system, and Lab – Hardening preparation & basic hardening.
Dieter Sarrazyn
Industrial Security Advisor, Secudea
|
13:30 | Refreshments and networking | ||
13:55 | Detect and Response to VMware ransomware attacks, important take-aways for OT infrastructure. Technical Level: Intermediate / Advanced. Attendees will gain actionable strategies to secure virtualized OT environments and prevent lateral movement across critical systems.
Nicklas Keijser
OT lead - Detection Services, Truesec
| Getting started with OT Network Security Monitoring. Key takeaways: The cycle: use case definition, detection, alerting, playbook creation, tuning; techniques to discover assets and communication patterns; and testing and validating. Third part of the workshop: Understanding OT Networks & Unfold the OT Network Jungle.
Martin Scheu
OT Security Engineer, Switch
| Hardening for ICS – how to reduce attack vectors. Part 3. Key takeaways: Hardening step by step – securing the network side, and Lab – implementing hardening settings on the network side.
Dieter Sarrazyn
Industrial Security Advisor, Secudea
|
14:30 | Short Break | ||
14:35 | Unsolicited Advice on OT Pentesting. Technical Level: Intermediate. OT penetration test feels like a buzzword. Many people talk about it, but only a few know what it should cover. And this is not an accident. The traditional IT penetration test does not translate directly to OT because of the risks it involves, which can be accepted in IT but can be catastrophic in OT. I spent a lot of time researching this question during my 9 years as a penetration tester at Siemens, and as a threat intel and malware researcher at Fortinet. In this presentation I would like to share my approach on how penetration testing can be translated to OT. My goal was to deliver the same value but decrease the risk it involves. I recommend a set of different security assessments on different layers that allow us to have control over the risks but deliver similar or even better results than a penetration test. Learnings for delegates: - The reason IT pentests cannot be done in OT. - Challenges of OT pentests. - An alternative strategy to get the same value with less risk. - Tips and Tricks around OT pentest.
Geri Révay
Principal Security Researcher, Fortinet
| Hardening for ICS – how to reduce attack vectors. Part 4. Key takeaways: Hardening step by step – Further securing the users and the system … playing with (group) policies, and Lab – implementing further hardening settings using policies.
Dieter Sarrazyn
Industrial Security Advisor, Secudea
| |
15:15 | End of the Capture-the-flag competition. A short overview and status, and an award ceremony for the top 3 teams. | ||
15:30 | Chairman James R. McQuiggan provides a summary of the day’s agenda and key learning outcomes
James R. McQuiggan
Security Awareness Advocate, KnowBe4
| ||
15:40 | The conference ends – See you next year! |