About Session
Choose between various security topics and spend an hour walking in beautiful Copenhagen, while networking with your peers.
1. OT Firmware Security: The Attack Isn’t Coming, It’s Already Installed
Patrick C Miller, Owner, Ampyx Cyber
Firmware sits beneath the operating system, controlling everything from PLCs and RTUs to network gear and field devices. Yet it remains one of the least monitored and least protected layers in operational technology. Modern threat groups know this blind spot well. They no longer need noisy exploits or ransomware when they can simply implant malicious code into trusted firmware and wait. In this walk-and-talk session, we will explore why compromised firmware is no longer a theoretical risk, but a present and active threat already embedded in industrial environments.
Led by Patrick C. Miller, a veteran OT security practitioner and advisor to critical infrastructure operators globally, this session will uncover how attackers target firmware supply chains, exploit trust boundaries, and persist below system defenses. We will walk through real-world scenarios, discuss practical detection methods without halting operations, and explore emerging countermeasures. This session is designed for anyone responsible for OT security resilience including engineers, asset owners, and security leaders who must now treat firmware as an attack surface hiding in plain sight.
2. OT Assessment & Penetration Testing in a Live Environment
Søren Egede Knudsen, CEO & IT/OT Security Expert, Egede
We have been conducting penetration testing in OT environments for some time, but how can it be done safely in a live environment without disrupting production? This is the topic of this walk-and-talk session.
Søren Egede Knudsen, who will lead the walk, has extensive experience in both OT cybersecurity and OT penetration testing. He was also selected by SANS to help finalize the new 613 training, which focuses, specifically on this subject.
This walk is intended for both those who commission OT live penetration tests and those who conduct them. It will also highlight some of the major differences between OT and IT penetration testing
3. Navigating the new normal in cybersecurity
Marc Brændstrup, Head of Siemens Industrial Security in Denmark, Siemens
We will explore how the new Machinery Regulation connects CE marking and cybersecurity. Additionally, we’ll investigate the Cyber Resilience Act (CRA) and its influence on the future cybersecurity landscape.
4. Log collection in OT – And why it’s the core activity for your defence of OT/ICS
Michael L. Weng, SOC Analyst, SektorCERT
Defence is doable, and it’s time to deliver on that defence in OT/ICS (Thanks Rob. M. Lee). But to deliver, we must ensure proper logging of relevant telemetry and context data, for the SOC to deliver their end of the deal – Monitoring, Detection Engineering, Alerting and Incident Response.
In this Walk & Talk session we will explore and discuss proper logging and data collection for the OT/ICS SOC functionality. Which Network logs do we need, and which endpoint logs do we need, to ensure correct and timely detection of adversaries in our systems? Will the OT SOC-as-a-Service ever be realistic?
Join Michael Weng, Senior Analyst in SektorCERT’s SOC, which daily monitors and detects threats for more than 450 members in the Danish Critical Infrastructure, as he during this session explores and challenge the current best practice of log-collection and use in a SOC for OT/ICS.
We’ll discuss the CMF (Collection Management Framework) possibilities and of course the relevant logs to collect, to support OT SOC work. If you work in a SOC, or just want to gain more knowledge about the issues and challenges surrounding log-collection in OT/ICS, come and join our Walk & Talk session.
