Choose between various security topics and spend an hour walking in beautiful Copenhagen, while networking with your peers.<\/p>\n
1. OT Firmware Security: The Attack Isn\u2019t Coming, It\u2019s Already Installed<\/strong> Firmware sits beneath the operating system, controlling everything from PLCs and RTUs to network gear and field devices. Yet it remains one of the least monitored and least protected layers in operational technology. Modern threat groups know this blind spot well. They no longer need noisy exploits or ransomware when they can simply implant malicious code into trusted firmware and wait. In this walk-and-talk session, we will explore why compromised firmware is no longer a theoretical risk, but a present and active threat already embedded in industrial environments.<\/p>\n Led by Patrick C. Miller, a veteran OT security practitioner and advisor to critical infrastructure operators globally, this session will uncover how attackers target firmware supply chains, exploit trust boundaries, and persist below system defenses. We will walk through real-world scenarios, discuss practical detection methods without halting operations, and explore emerging countermeasures. This session is designed for anyone responsible for OT security resilience including engineers, asset owners, and security leaders who must now treat firmware as an attack surface hiding in plain sight.<\/p>\n 2. OT Assessment & Penetration Testing in a Live Environment<\/strong> We have been conducting penetration testing in OT environments for some time, but how can it be done safely in a live environment without disrupting production? This is the topic of this walk-and-talk session.<\/p>\n S\u00f8ren Egede Knudsen, who will lead the walk, has extensive experience in both OT cybersecurity and OT penetration testing. He was also selected by SANS to help finalize the new 613 training, which focuses, specifically on this subject.<\/p>\n This walk is intended for both those who commission OT live penetration tests and those who conduct them. It will also highlight some of the major differences between OT and IT penetration testing<\/p>\n 3. Navigating the new normal in cybersecurity<\/strong> We will explore how the new Machinery Regulation connects CE marking and cybersecurity. Additionally, we\u2019ll investigate the Cyber Resilience Act (CRA) and its influence on the future cybersecurity landscape.<\/p>\n 4. Log collection in OT \u2013 And why it\u2019s the core activity for your defence of OT\/ICS<\/strong> Defence is doable, and it\u2019s time to deliver on that defence in OT\/ICS (Thanks Rob. M. Lee). But to deliver, we must ensure proper logging of relevant telemetry and context data, for the SOC to deliver their end of the deal \u2013 Monitoring, Detection Engineering, Alerting and Incident Response. Join Michael Weng, Senior Analyst in SektorCERT\u2019s SOC, which daily monitors and detects threats for more than 450 members in the Danish Critical Infrastructure, as he during this session explores and challenge the current best practice of log-collection and use in a SOC for OT\/ICS. Choose between various security topics and spend an hour walking in beautiful Copenhagen, while networking with your peers. 1) OT Firmware Security: The Attack Isn\u2019t Coming, It\u2019s Already Installed. 2) OT Assessment & Penetration Testing in a Live Environment. 3) Navigating the new normal in cybersecurity. 4) Log collection in OT \u2013 And why it\u2019s the core activity for your defence of OT\/ICS. Click here for more information.<\/p>\n","protected":false},"author":4,"featured_media":0,"template":"","meta":{"inline_featured_image":false,"footnotes":""},"session_track":[7,8,11],"session_location":[],"yoast_head":"\n
\nPatrick C Miller, Owner, Ampyx Cyber<\/em><\/p>\n
\nS\u00f8ren Egede Knudsen, CEO & IT\/OT Security Expert, Egede<\/em><\/p>\n
\nMarc Br\u00e6ndstrup, Head of Siemens Industrial Security in Denmark, Siemens<\/em><\/p>\n
\nMichael L. Weng, SOC Analyst, SektorCERT<\/em><\/p>\n
\nIn this Walk & Talk session we will explore and discuss proper logging and data collection for the OT\/ICS SOC functionality. Which Network logs do we need, and which endpoint logs do we need, to ensure correct and timely detection of adversaries in our systems? Will the OT SOC-as-a-Service ever be realistic?<\/p>\n
\nWe\u2019ll discuss the CMF (Collection Management Framework) possibilities and of course the relevant logs to collect, to support OT SOC work. If you work in a SOC, or just want to gain more knowledge about the issues and challenges surrounding log-collection in OT\/ICS, come and join our Walk & Talk session.<\/p>\n","protected":false},"excerpt":{"rendered":"