Welcome and Presentation of the Congress
José Valiente ( Centro de Ciberseguridad Industrial, Director )
José Valiente is Director and Head of Coordination and Communication of the Centro de Ciberseguridad Industrial (Industrial Cybersecurity Center). Specialist in Technological and Security consulting. He has more than 20 years of experience working in large consulting firms, where he has developed his professional career both in the field of information technology and in the industrial automation sector. He has participated in more than a dozen publications on industrial cybersecurity, as well as in multiple congresses, events and courses specialized in cybersecurity. Currently, he has multiple certifications in solutions for security and IT manufacturers, as well as the professional certifications CISM of ISACA and Global Industrial Cyber Security Professional (GICSP) of GIAC.
Situation of the roadmap of Industrial Cybersecurity in Spain 2013-2018
Samuel Linares ( Centro de Ciberseguridad Industrial, Founder and expert )
Founder and expert of the Industrial Cybersecurity Center. Independent Evaluator of the European Commission, CIIP expert in ENISA (European Network and Information Security Agency), member of the Global Cybersecurity Task Force of ISACA and the Executive Steering Committee of the GICSP certification (Global Industrial Cyber Security Professional).
With more than two decades of multinational experience in the management and management of multicultural projects, security and systems integration, he has been the main promoter of the concept of “Industrial Cybersecurity” in the Spanish-speaking world, and is recognized as an expert in this globally, participating as project director, chairman, speaker and professor in more than 30 countries around the world. Samuel is the founder and former director of the Industrial Cybersecurity Center (CCI) and was the Senior Lead Technologist of Industrial Cybersecurity at Booz Allen Hamilton for the past 3 years.
Samuel has numerous certifications in the field of cybersecurity, such as GICSP (Global Industrial Cyber Security Professional), CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in Governance of Enterprise IT), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), GIAC Systems and Network Auditor (GSNA), GIAC Assessing Wireless Networks (GAWN), ISO 27001 or ISO 22301 Lead Auditor, as well as other specific from different manufacturers in the market, and he holds a Diploma in Management Informatics from the University of Oviedo and a University Expert in Data Protection from the Real Escorial University Center Maria Cristina and Davara & Davara.
Situation of industrial cybersecurity in the world
Coordinators of CCI ( Europe, United States, Latin America and the Middle East )
Coordinators of CCI in the United States (Patrick Miller), in Latin America (Jorge Abanto, Peru), in Russia (Anton Shipulin) and in the Middle East (Ignacio Paredes) and Collaborator in Europe (Ulrich Seldeslachts). Moderates Susana Asensio.
Red Team case study in industrial environments and critical infrastructures
Innotec System ( Enrique Domínguez [Strategic Director], Eduardo Arriols [Red Team Service Coordinator] )
Enrique Domínguez. Computer Engineer from the University of Zaragoza and MBA from ESADE. He currently leads the practice He has developed his career in the field of consulting, specializing in cybersecurity management in international areas and business continuity, leading reference projects in major entities and IBEX35 in Spain, Turkey or the United States. He is professionally certified as CISSP by (ISC) 2, CISM and CISA by ISACA and ISO 27001 Lead Auditor by BSI.
Eduardo Arriols. Coordinator of the Red Team service at Innotec System, dedicated to the development of real simulations of intrusion on large organizations. University professor of degree and postgraduate in different universities like U-tad, URJC and UCLM, and author of the book “CISO: The Red Team of the company”, of the 0xWord publishing house.
Panel debate: Industrial manufacturers share achievements and difficulties
Representatives of industrial manufacturers ( Siemens, Phoenix Contact, Schneider Electric )
Representatives of the main manufacturers of industrial technologies will participate in a debate panel where they will share their experiences when dealing with cybersecurity in an industrial automation environment.
Panel debate: OT managers share experiences on cybersecurity
OT managers of Industrial Organizations ( Energy, Chemistry, Food and Water )
OT managers in industrial organizations share experiences on the application of cybersecurity in the automation of their specific environments.
Are conventional protection tools sufficient to protect our applications against fileless and memory-based attacks?
Ángel Fernández ( Logitek, Industrial Cybersecurity Manager )
Àngel Fernández is responsible for the divisions of Industrial Cybersecurity and High Availability in the Logitek technology company. He also collaborates with the Universitat Politècnica de Catalunya in the Professional Master of Automated and Robotic Production. Graduated in Industrial Engineering (specialization in Electrical Engineering, and Industrial Automation in Higher Engineering) has developed his professional activity in different companies, starting from the most industrial base and specializing in the field of communications and industrial networks.
Collaborating in the digital transformation of Spanish industry from Cybersecurity
Pedro Romero ( SIEMENS, Responsible for Digital Services and Cybersecurity )
Ingeniero Industrial con una amplia experiencia profesional en Alemania ligado a proyectos de I+D relacionados con la industria 4.0, siendo en la actualidad responsable de Servicios Digitales y Ciberseguridad. Adicionalmente dirijo el Mindsphere Application Center, el laboratorio digital para industria.
Welcome and Presentation of the second day of the Congress
Susana Asensio ( Centro de Ciberseguridad Industrial, General Coordinator of Europe )
Susana Asensio is the General Coordinator of Europe, Member of the Board of Directors, Director of the Professional School of Industrial Cybersecurity, and Project Manager at the Industrial Cybersecurity Center. Graduated in Software Engineering, and Technical Engineer in Management Computing, both from the Polytechnic University of Madrid (UPM), Susana is a specialist in research and development projects in security and technology. He has a postgraduate degree as Specialist in Promotion and Management of Projects and International Actions of R + D + i by the UPM. After working as a researcher in Information Technology (IT) at UPM, she has been, during the last years, and prior to her incorporation to CCI, combining the management of IT security projects, and the coordination of various IT security groups in the Multisectorial Association of Companies of Electronics, Information and Communication Technologies, Telecommunications and Digital Content (AMETIC).
Points to take into account in the security of the control of our process: SCADA systems cybersecurity
Jose Luis Gallego Labajo ( Telefónica, Industrial cybersecurity consultant )
Industrial cybersecurity consultant. Developing automation projects of industrial control projects of large multinational companies during the last 17 years, the acquired experience has provided great value to the projects in the area of industrial cybersecurity carried out since 2013.
He currently participates in the industrial cybersecurity of the energy sector in industrial infrastructures, Smart Grids and Critical Infrastructures, developing projects that facilitate real-time monitoring of digital assets in industrial networks.
What every OT professional should know about cybersecurity, based on experience
Patrick Miller ( Archer Security Group, Managing Partner )
Patrick Miller is one of 20 Forbes cyber policy experts to follow on Twitter and one of the 50 smart grid pioneers of smart grid in 2015. Today he is a trusted independent advisor dedicated to the protection and defense of critical infrastructure throughout the world. He is currently a managing partner of Archer Energy Solutions, as well as founder, director and president emeritus of EnergySec, a 501 (c) (3) nonprofit focused on the exchange of information, situational awareness and staff development of security for the energy industry. Patrick’s experience extends to the Government, Telecommunications, Financial and Vertical Energy Services, within the key positions with the regulatory bodies, the owners of useful assets and private consulting companies.
Lessons Learned and Use Cases for Successful ICS Cybersecurity
Obbe Knoop ( Nozomi Networks, Global Vice President )
Obbe brings over 20 years of executive management to Nozomi Networks. He is passionate about helping companies build a strong security posture while reducing costs and managing risk. He is an expert in the value of critical infrastructure cybersecurity. Prior to joining Nozomi Networks, Obbe held the role of Security Business Unit Executive with IBM for industrial markets. His career with IBM came after his tenure at BigFix where he developed alliance partnership with industry leading companies. Obbe is fluent in multiple languages and has an MBA in business economics from Radboud University Nijmegen in the Netherlands.
Vulnerabilidades y amenazas emergentes en SCADA y Sistemas de Control Industrial
Vitor Ventura ( Cisco Talos Intelligence Outreach - EMEAR, Technical Leader / Security Researcher )
Vitor Ventura has worked in IT Security for over 17 years, in various areas ranging from security management to malware reverse engineering. Working both on hardware as software. He thus has a very broad knowledge of computer operating systems and hardware. Vitor is currently a security researcher technical lead at Cisco Talos Intelligence Group in Europe, were he has published several analysis at talosintel.com.
While performing security assessments, Vitor lead flagship projects like Connected Car assessments and Oil and Gas ICS security assessments, custom mobile devices among with other IoT security projects.
Has incident responder Vitor was the lead responder on several high profile organizations affected by the WannaCry and Nyetya/NotPetya infections, helping to determine the extent of the damage and to define the recovery path.
Vitor holds multiple security related certifications like GREM (GIAC Reverse Engineer Malware), CISM (Certified Information Security Manager), MITS (Master IT Specialist – Security).
Technological evolution without security: a present threat
Jose Manuel Moreno ( Everis, Head of the Hacking Area )
Jose Manuel Moreno has led the everis hacking center for more than four years, focusing his activity on the direction of audit and penetration testing projects for different clients and in different geographical areas. Jose Manuel has focused his career on tasks of “Ethical Hacking”, where he develops activities in a wide variety of technologies, being an expert in security architecture, source code audit (SAST), software running (DAST), systems , networks, infrastructures and services. With extensive experience in the development of intrusion testing, social engineering, compliance and bastion of systems and team training “Red Team.”
Model architecture and cybersecurity measures in ICS / SCADA environments (Energy / Manufacturing)
Pablo Ibáñez ( Palo Alto Networks, Systems Engineer )
Telecommunications Engineer and MBA, currently as Systems Engineer at Palo Alto Networks and leading the vertical of ICS / SCADA at Iberia as Consultant and architect in industrial cybersecurity for the Utilities and Manufacturing sectors, as well as responsible for Palo Alto Networks Cloud Lab for ICS scenarios / SCADA (Energy / Manufacturing).
Experience with the ARLISI methodology and tool (Lightweight Comprehensive Security Risk Analysis)
Organizations who have developed it ( CNPIC, INCIBE, EULEN )
As a fundamental part of the National Industrial Safety Scheme (ENSI), the experience in the implementation of the new ENSI_ARLI-SI guide is presented. Lightweight Comprehensive Security Risk Analysis Methodology that aims to provide a simple and practical model of comprehensive security risk analysis for critical infrastructure operators.
Implementing an Industrial Cybersecurity Operations and Response Center
José Valiente ( Centro de Ciberseguridad Industrial, Director )
José Valiente is Director and Head of Coordination and Communication of the Industrial Cybersecurity Center. Specialist in Technological and Security consulting. He has more than 20 years of experience working in large consulting firms, where he has developed his professional career both in the field of information technology and in the industrial automation sector. He has participated in more than a dozen publications on industrial cybersecurity, as well as in multiple congresses, events and courses specialized in cybersecurity. Currently, he has multiple certifications in solutions for security and IT manufacturers, as well as the professional certifications CISM of ISACA and Global Industrial Cyber Security Professional (GICS) of GIAC.
Panel debate: CCI experts share experiences
Experts of the Industrial Cybersecurity Center ( Safety, Sistemas MES, Hacking Industrial,, Process Security, Forensic Analysis )
Experts from the Industrial Cybersecurity Center will discuss the new challenges of IT and OT integration in the digital transformation of the industry and share their experiences.
Building Cybersecurity in the Smart Grid
Iñaki Ángulo ( TECNALIA, Responsible for projects in the energy area )
Degree in Computer Science in 1989 from the University of Deusto (Bilbao, Spain). During his time at the Technological Centers of Labein (1989) and Robotiker (2008) he has participated and led several research projects related to the development and application of advanced information technologies and information communications to different sectors, among which they emphasize the electrical, sanitary, construction and industrial.
Since 2015 he is responsible for projects in Tecnalia within the area of Intelligent Electrical Networks and Storage of the Energy Division of the Division of Energy and Environment, focusing on the application of data analytics technologies, the Internet of Things and cybersecurity to Networks Smart Electrics (Smart Grids). As more recent projects, we can highlight “SecureGrid” and “Red Eléctrica Cibersegura”, where cybersecurity and data analytics technologies are being developed for the deployment of a safer electrical network.
Project CS4 - How to include cybersecurity in a predictive maintenance project
Juan Luis Carús ( Grupo TSK, Project Manager OT )
Juan Luis Carús Candás is the director of R + D + i projects within the Information Technology division of Grupo TSK. Engineer in Telecommunications from the University of Oviedo and PhD in Industrial Technologies from the National University of Distance Education (UNED) has been collaborating for several years in research projects focused on the application of information technologies to the industrial sector. Currently he participates actively in R + D + i projects within the initiative known as “Industry 4.0”. He has collaborated in several impact publications and participated in international conferences and seminars.
Being digital, being insecure
David Marugán ( AXIANS, SOC Manager )
Team manager at Axians Spain, specialist in security and radio communications. He has focused his research work on radiofrequency hacking, SDR (Radio Defined by Software) and SIGINT (Signals Intelligence) techniques. Member of MundoHacker TV Team (DMAX and TVE). He has participated as a speaker in different hacking and security events at national and international level such as Navaja Negra, Mundo Hacker Day, Qurtuba Security Congress, MoscowC0N, EASTMADH4CK, Colombia 4.0 and others.