《研讨会 - 网络 FAT_SAT.pdf》由会员分享,可在线阅读,更多相关《研讨会 - 网络 FAT_SAT.pdf(22页珍藏版)》请在三个皮匠报告上搜索。
1、Workshop:Paul Piotrowski and Mike HoffmanWorkshop:Paul Piotrowski and Mike HoffmanDOING FAT/SAT RIGHT IN ICS/OT PROJECTSWHO ARE WE?Paul PiotrowskiSANS Certified Instructor,ICS410 Principal OT Cyber Security Engineer in Shells Global OT Security Discipline.Consult on Global Capital Projects and suppo
2、rt Shell Operated and Non-Operated Assets globally.Spent over 22 years in Shell in various security roles including network operations,risk governance and compliance,audit,incident management,forensics,pen testing and project management.Helped create the GICSP Cert(#50)Involved with SANS over the la
3、st 10 years on various initiatives.Certs:GICSP,GRID,GCIP,CISSP,CRISCMike HoffmanSANS Certified Instructor ICS410,ICS612O&G Advisory Solutions Architect with the industrial cybersecurity company Dragos,Inc.Held positions with Shell for 20 years across ICS Security Engineering,Controls&Automation,Labo
4、ratory&Process Analyzers,Measurement,and Instrumentation&Electrical.Technical background gives him an understanding of industrial processes,which is extremely important in understanding the impact of OT system compromise and the nuances of defense.SANS Technology Institute MSISE graduate.Certs:GSE#3
5、20,GRID-Gold,GICSP-Gold,GCIP,GCLD,GPEN,GWAPT,GCIH,GCIA,GPYC,GSEC,GSTRT,GCPM,GCCC,CISSP,PMPCONTEXT AND GROUNDINGSuper Cool Stuff about FAT and SAT!CYBER SECURITY THROUGHOUT THE LIFECYCLEDesign SecureBuild to External Standards(e.g.,ISA/IEC-62443,NIST 800.XX,NIST CSF V2.0),SANS 5 Critical Controls-at
6、Minimum.Procure SecureSystem Security Requirements,Security Procurement LanguageCommission SecureFactory Acceptance Testing,Site Acceptance Testing,CutoverRun SecureSecurity Program Management,Assessments,Auditing,Change ManagementLook to the NIST CSF v2.0 for practice areasDecommission SecureRemova