Transcript for:
Introduction to Industrial Cyber Security

Hello and welcome to Getting Started with Industrial ICS/OT Cyber Security. I appreciate you taking the time to check the video out, and hopefully you'll find some good information resources that you're looking for, maybe some answers to your questions about literally how to get started in industrial cyber security. So my name is Mike Holcomb and, again, I appreciate you for wanting to come check out the class.

So real quickly, a couple of disclaimers. The information that I'm going to be sharing is for informational purposes only, and all the information that you are going to learn is expected to be used for the forces of good and not for the forces of evil. You know, ideally we're going to be talking about things like different cyber security attacks against industrial control and IT environments and how to conduct those different types of attacks. So we learn this information, we share this information, to make ourselves better cyber security defenders, and that's really the main goal of this course, so not to use that information to become an attacker. So hopefully everybody gets the idea there. And then all the information I discuss in the course is really my own opinions; it's not necessarily affiliated with my day job or any of the other organizations or clients that I'm affiliated with.

So I did include this slide. I usually use this slide when I'm doing this class live, and we've had, I think, about a thousand people come through this course live over the last year, which is really exciting, and I also wanted to get it out on YouTube for those that couldn't make the classes. And we'll be talking about Rob Lee probably a lot throughout the course. Rob Lee, if you're not familiar, so Rob Lee is the CEO and founder of Dragos, and they are the world leader in industrial control cyber security, and that's really because Rob Lee is considered the true thought leader at the global level
in industrial control cyber security. His mentor, Michael Assante, who had passed away unfortunately a couple years ago, but he really was seen as the person that really started the field of industrial cyber security. So this incredible lineage between Michael Assante and many others that we're going to be talking about through the course, but Rob's probably the one person we'll mention most as we go along. And I have a lot of, you know, stories that he shared that I'm able to, you know, share with everyone, if it's something that he shared like in a class or in a speech. There's other things that he shared in the past that are only for, you know, it's not my place to share those things, but definitely the ones that I'm able to, I think it helps really bring a lot of light and character into some of the shadows of ICS cyber security. And he really does an incredible job of demystifying ICS cyber security, which I've always appreciated, trying to make it simple and practical for people to understand, and that's really one of my goals as well.

So in larger groups, when you have a couple hundred people in Discord, we like to say, you do you, just don't be a jerk, you know, so be nice to everyone. But again, I just kept it in there just to really introduce Rob Lee, that again we'll be talking about him more than a few times, I'm sure, as we go throughout the course.

So what we're going to be covering in this first section: we're going to give you a little bit about my background, so maybe understand why you should or maybe shouldn't listen to me. We'll talk about, you know, the purpose of the course, why I put it together, the goals of ultimately what you're going to look at getting out of the course. We're going to have some references and course materials that we'll be looking at. We'll go over the different units or modules that make up
the course, and then we'll wrap up with a discussion on cyber security certifications for ICS/OT, because that's one of the most common questions that I get. So we want to put that in this introduction section because it really doesn't fit in any of the other modules. And then we'll also talk about some additional resources like conferences and podcasts that you can either attend or listen to, to get a lot of great information on industrial control cyber security.

So for those of you that don't know me, my name is Mike Holcomb. I'm the Fluor Fellow for cyber security. So I work at a company called Fluor. We're one of the world's largest engineering and construction companies in the world, so we build and sometimes operate some of the world's largest industrial control environments, and I get to work with some of the best engineers in the world, which is a really fascinating position to be in, because I can learn so much from so many different people, from all over the world and all different types of companies in all different sectors. So I'll share as much of that experience as I can throughout the course as well. I am also the global lead for the Fluor ICS/OT cyber security program, or practice if you want, so we'll talk a little bit more as we're going throughout the course and what that really means from a practical experience.

I also run a couple of local cyber security groups. So I run the local ISSA chapter, which is more associated with IT cyber security; I've been doing that for almost 20 years at this point. And also the local version of BSides that we have here in Greenville. So we'll also be talking about those as we go throughout the course. I also wrote and taught all of the six cyber security courses that make up the local technical college's cyber security program, which I was really proud of, because there are a lot of really hands-on, you know, true, like, practical experience hands-on labs that they put in the
courses, so I was really, really excited and proud of that work. I have a lot of cyber security certifications. I've been in IT cyber security for a little over 25 years, and I've been, you know, working into getting into OT cyber security since 2010, so not as long, but for about, what, 13 years. When I started, it was really, I didn't get really a lot of traction till about 10 years ago into the field, so that's another reason why I put this course together, to help people that want to make that transition, whether it's from IT cyber security or if you're in OT today and want to learn more about cyber security. So we'll be talking about some of those certifications. I'm actually finishing up my master's degree right now. I'm writing my thesis on kind of PLC cyber security, which, those are programmable logic controllers; if you don't know what that means yet, you will after the next section or two, so don't worry about that. But we'll talk a little bit about that and the thesis. And then I do some outside training and consulting outside of the Fluor world as well, so I've worked with a couple manufacturing entities now and some other really small, well, more medium to large size environments that I've been really fortunate and lucky to work with. So I'm really, really happy about getting to do all those different projects. I just like going into a new environment and working with people and helping them become secure.

So in my Fluor world, in the OT, or the operational technology or industrial control, side, you can see in the upper left, that was actually my first project I actually got to go on site for. It was a large traditional power plant; it actually uses natural gas to generate electricity. So we're going to actually be talking about that project as an example of how an overall industrial site comes together, using the power plant example. So I worked on the New New York Bridge. Not a lot of control systems on
bridges, there's some, but still an exciting project. That's north of New York City and a bridge that goes over to the Jersey side. We run the subways in several big cities in the United States. One that I recently have worked with is in Denver, Colorado. So for those of you not familiar, Denver is kind of right in the middle of the United States, so that was their picture there. And then in kind of the lower left is our largest project that we're building for Shell, which is called Shell LNGC. It's an LNG port facility, so we bring in natural gas, liquefy it and load it onto container ships, and it's actually Shell's largest project as well. It's a $50 billion project, just to kind of get an idea of size and scope. And when you look at that picture, the idea is it doesn't maybe look that big, but really, say, it's kind of like a small city; it's really more like a medium-sized city. The LNG storage tank, which you can kind of see in the bottom, still has the cranes around it as they are building it. And I remember talking about this as part of the risk assessment, and we'll get into that later in the course, but talk about the storage tank that is lined with sensors, because you have to monitor over time, because natural gas can become unstable and could explode. And when you look at the tank itself, it's actually the size of a large sports stadium. So it's a little hard to tell maybe from the scale of the picture, but then you can really maybe start to get an idea of how large that project actually is.

So that gives you a little bit of background. I work on some other projects of course as well, and a few we'll talk about, anything that's publicly available that, you know, I'm definitely free and open to talk about. So that's a little bit about me. And real quickly, if you haven't seen, most people find me through LinkedIn, so definitely feel free to reach out. You can follow, you can reach out and
connect, send me a message if you have questions on the course material. Usually LinkedIn is the best way to get a hold of me, so you can find me there. I'm always there, so that's the one place that's better than email even, or my cell phone probably, to get a hold of me. You can also see in the little banner, I did write two different little ebooks that are free and about getting started in industrial cyber security. One is actually written for those of you that are coming from an IT cyber security background, and if you're coming from an OT automation background, then there's a version that's written for you. So probably about 80% of the content is about the same; it's just the first 15, 20% of the content where, depending on which world you come from, the steps that you're going to take first to get into cyber security industrial controls is different. And so the books really can help you walk through that process and just provide a lot of resources and kind of thoughts on how best to go about getting into industrial cyber security.

And for me, in 2010, when Stuxnet first came out, and we'll talk more about that later on, that was really what started getting me down that path into industrial cyber security. The problem was nobody wanted to talk about it back then. There really weren't any books, there was very little information on the internet, so it's a very, you know, black magic that nobody knew, you know, how it actually worked, and sometimes it can be like that even today. Thankfully, especially over the last couple of years, and a lot of the work by people like Michael Assante and Rob Lee, you know, the community has really opened up over the last couple of years, and there's still a lot of great information out there, but it can still also be overwhelming. Again, that's a big part of why I put those books together and why I put this class together.

So ultimately, why the class though, and why am I in industrial cyber
security, and why today? Right now I'm recording this, it's November of 2023, so 2024 is coming very quickly. The industrial control cyber security landscape has changed dramatically over the last couple of years, especially the last couple years and even the last couple of months, whereas prior to really 20, what, 21, not much had changed for years, for decades. And so it's a really exciting space to be in right now because things are really starting to change, and for us as defenders, not in a good way unfortunately, because we are seeing the number of attacks going up every year. They're doubling, they're tripling against our OT or industrial control environments, and in some more sensitive environments, like if you're in the Ukraine, they're seeing, you know, anywhere from 10 to 100 fold increases depending on the day of the week, just, you know, insane amounts of increases of attacks against things like critical infrastructure.

What we really saw was a big shift, and this goes back about two and a half years ago, with the Colonial Pipeline breach, which we're going to talk a lot more about in the course, and you'll hear me mention it a lot as really this kind of demarcation point for control system cyber security. Because before Colonial Pipeline, about 2 and a half years ago, not everybody in OT really worried about cyber security, because they were just worried about nation state attackers. But Colonial Pipeline wasn't taken offline because of a nation state attacker like Russia or China or the United States; it was a ransomware group. And we normally associate ransomware groups with, you know, general IT, and now we see ransomware as the number one threat against both IT and OT environments. So there's a lot we're going to unpack there, so I don't want to jump too far ahead.

But another problem that we see is that more and more, and this is just increasing every day, the types of systems we have in IT, like Windows-based systems, are moving more
and more into OT, which makes it easier for us to run and manage facilities, but it also makes it that much easier for attackers. So not only are we seeing more attacks and more attackers, but we're also seeing more systems that are easy for the attackers to break into. We're also allowing a lot of, in my opinion, too much communication between the IT networks and the OT networks at a location. So if you're at, let's say, a power plant, you have an IT side of the house and you have an OT side of the house, and you want to keep those as separated as possible, but it's not always as easy just to say they're completely, you know, cut off from each other; that doesn't work. So we do allow some communication, but we have to do that as securely as possible. So we're going to be talking about that; we have an entire section dedicated to that later on.

We also look at, so we're going to talk about owners and operators in the OT space. So owners: it's a company that owns, say, like a power plant. So the power plant I was mentioning earlier, that was owned by Dominion Energy. Now the people that run the power plant, that keep it up and running, generating electricity for the public, that could be the same company, it could be Dominion Energy employees, or Dominion Energy could pay another company to run the power plant for them. So sometimes owners and operators can be different companies, or, like I believe with the Dominion Energy power plant, they're the owners and they also operate the facility as well. But we still see a lot of owners and operators, even in 2023, don't think that their OT environments are targets, which to me is probably one of the most concerning problems that we have today. So a big part of what I work on is really, in a lot of respects, security awareness, and helping owners and operators understand that they are targets of attack, and again, it's not just nation state attackers we're worried about anymore.

And then ultimately, why cyber
security, especially in critical infrastructure, is so important is what happens with that power plant. If the power plant goes down for a couple of hours, yeah, not the end of the world, right? As long as our iPhones and laptops have a couple hours on their battery, you know, we'll all survive. But what if it's a couple of days or a couple of weeks, and then you get into really worst case, right, months or a year without power? I mean, that's where you get into Walking Dead territory, right, and the degradation of society, and that's obviously not what any of us wants. So in the IT world, I always focus on, I don't want the company compromised, because if anything the company loses money, people are going to lose their jobs. In OT or industrial control cyber security there's even greater stakes when you talk about how we support the world around us, and that's a big focus for me. I don't say it lightly; I say, yeah, we're here literally to save the world, or at least to protect the world, sometimes from itself. We want to make sure that, especially with critical infrastructure, power, water, a lot of these things that people take for granted, I know I do, right, that are protected and stay safe. So telecommunications, which plays into, you know, the internet, right, large data centers that provide services, manufacturing, think especially like with pharmaceuticals. So there's a lot that comes into play, so we'll be talking a lot about that as we go throughout the course.

Now the course itself: you can see that when I put this together it was really designed as this high-level overview of cyber security when it comes to industrial control environments like power plants or manufacturing, or we talk about mining or rail, and the list goes on and on. So we'll talk about a lot of different types of environments. That's another thing I'm very fortunate about working at Fluor, is I get to work in so many types of environments. There's very few different types of
sectors we actually don't work in, and we work in just about every country on six continents; used to be on seven continents. So we've, you know, been a little bit all over, so again I get to bring in a lot of experiences and knowledge from over the years to be able to share. So of course this is just an overview, and then just like in general IT cyber security, right, we're kind of scratching the surface, and then there's different areas that you can dive deeper into. And hopefully as you're going throughout this course you'll find those different areas that you're probably even more interested in, and you can definitely take a deeper look at those. So if you're, you know, just even interested in learning a little bit about industrial control cyber security, right, it's a great course, and I think with videos on YouTube you could just kind of flip through it as much as you want. If you're not trying to really, you know, dig in deep and learn, and you just kind of want to get a look and feel, right, perfectly fine. And then ultimately it's also about helping people understand how do we secure these control system environments, how do we protect our power plants and our water treatment facilities and our railways and our mines and our manufacturing environments and so on and so forth.

A couple of the other goals, a couple things that we'll highlight as we go throughout: we talk about how people coming from an IT background, which we already started to mention, come into control system cyber security differently than somebody from the control system world, so people like engineers or technicians at a site, maybe they're doing operations and maintenance, or doing things like PLC programming, or work in a control room. But we'll be looking at, you know, how do people come from the IT world, how do people come from the OT world, but ultimately
it's not only how do we come from these different worlds, like I came from a traditional IT cyber security background, but how do I get to work with people on the engineering and the maintenance side of the house and the automation groups, right? Because it takes both sides of the house to work together, because it's not just the IT side, it's not just the OT side of the house. We have to work together, as if it's a bad marriage where we're either fighting all the time or we're just not even communicating and everybody's just shut down, nothing's getting done, and the only people that win are the attackers, and that's the biggest concern. So one of the areas that I highlight that's most important for us to work in, in industrial cyber security, is how do we get OT and IT people to work together, and sometimes the best way to do that is to get them in the same class. I have some great examples of that from over the years that we'll be talking about as we go on.

So there's some course materials that we'll be referencing as we go along. I do have review questions for each of the modules, and then some additional modules that we're not covering in this course because they're now dedicated to their own courses, like penetration testing in industrial control environments, right, that's not something that you can just cover in an hour or two, right, that's a whole 40 hours of content in and of itself, you know, so that idea. But there's review questions, I have some quick start reference guides, so we'll talk about primarily tools like Shodan and Nmap as well. So I have some quick start reference guides; you can find those in my GitHub repository. The link is at the end of this video, so don't worry about that. And then I always recommend that everybody at least read Sandworm by Andy Greenberg, which is a great novel that talks about really the buildup of cyber security in the industrial control world. It kind of starts off with Stuxnet
and builds up until, I think, it was published up to a couple years ago. So it also talks about really the lead-up to the current Russian invasion of the Ukraine, because Russia has always not been shy about leveraging control system cyber security attacks against the Ukrainians, like when they turned out the power. They created two blackouts, one in 2015 and 2016, also one allegedly in 2017, and then it was just revealed last week that they also did it in 2022. So we've had three if not four blackouts in the Ukraine caused by the Russians, you know, using computers, right, from that cyber perspective. So Sandworm does an excellent job of really walking us through kind of the history of control system cyber security, and it even talks about Rob Lee in the book and some others like John Hultquist, I believe it's how you say his last name, over at Mandiant, and some others that are some, you know, well recognized names in the field.

So Backdoors & Breaches is also a card game created by Black Hills Information Security, and there's a digital online version that you can use for free, and there's an ICS version that Black Hills had put together with Dragos, Rob Lee's company. And so we're actually going to look at that when we get into the last module talking about incident detection and response, because it's a great tool, especially when it's free and online, to be able to learn different types of attacks, and not just that, but how do we respond to those different types of attacks in control system environments. So we're going to be looking at that in the last module of the course.

So speaking of the different modules or the different units: of course we're here in unit one, so we're just going over the introduction, even though I put a lot of content into the introduction, so we still have a little ways to go, especially, you know, just trying to get a lot of those resources that I want everybody to be aware of. In unit two we're actually going to
then get into really what is this world of control system cyber security and why it's important. We're going to dig into, you know, the different types of attacks and attackers and some of the history behind control system cyber security, especially over the last, you know, roughly still 20 years. When we look at unit three, this is where we're going to, if you're not familiar with the different types of control systems, so when we say things like PLCs and HMIs and RTUs and ICS versus SCADA, and the list can go on and on, we're going to talk about what are those different types of control systems. And then we're going to look at, we also have specific types of protocols in control system environments, so things like Modbus and S7 and DNP3 and BACnet, and there's also wireless protocols like Zigbee, which I find the most fun to say. You know, Wi-Fi, just like we have in our houses and apartments and offices, right, you can also find in industrial control environments, and so you also find all the same vulnerabilities and security issues there as well. So there's a lot we're going to talk about in that section.

And then once we get through that, I think we're all at that point on this level playing field, whether you come from IT or OT, and then we can start to talk about, well, how do we secure our critical infrastructure, how do we secure our OT environments. So the first place we're going to start is with secure network architecture: how do we allow IT and OT networks to talk with each other, but hopefully in a limited manner, but still wrap security around that to do it as securely as possible. Unit five, we're going to talk about asset registers, which is really, if you're coming from an IT background, just a fancy way of saying asset inventory. So we want to make sure that we have a list of our hardware and software and firmware that we have running in a control system environment, so we know what we have in the environment to protect. The asset
register is very critical to a lot of control system environments, so they should already have one, even though that's not always the case. So we'll also talk about how to build one, which isn't necessarily easy, and depending on the environment you're working in, it's not safe potentially as well. But it's very critical to have an asset register as complete as possible, because then that lends itself to when we talk in unit six about threat and vulnerability management, right, understanding what vulnerabilities do we have in the environment and how do we need to address those, how do we address them, and do we even need to address them. So it's definitely a lot to talk about in unit six.

Unit seven, we take a little bit of a side track. So this is where we're talking almost a little bit of penetration testing and using tools like Shodan and other OSINT, or open-source intelligence gathering, tools out on the internet to see, especially, do we have any control system environments or systems that are connected or exposed directly to the internet. Because if they're exposed to the internet, they're exposed to everybody, including the attackers, and the attackers will find them, and they will find them very quickly, to target them and take control over those and then use them as a foothold into the rest of the OT or the IT environment, which they can then use to get into the OT network. So we're going to spend some time there.

And then after that, that's when we'll get into our last unit, talking about incident detection and response. So when we look at network security monitoring, how do we detect if there's an attacker on the network, right? We can deploy different tools to alert us. Well, how do we investigate those alerts to determine is something malicious or not? There's some alerts that I know if I had first seen them when I came into OT for the first time, especially 10 years ago, I would have said, ooh, that's malicious activity. It's like, well, no, that's just normal
plant operations. So there's definitely a couple of things that we want to look at there, and how do we respond. Response at a high level works very similar in IT and OT; we just have different focuses for that response. That's what we're going to talk about later. Especially the main thing to just keep in mind, not to jump too far ahead, is just in control system environments, in OT, right, the main concern is safety, right, making sure the people at the site and in the general public are safe, and then we also worry about the safety of the environment, and then we can talk about the availability of the plant. But that's very different than the IT world, where we're worried about confidentiality of data most importantly, right? We don't want attackers to come in and steal our information, and that's still important, but that's not at the top of the list when it comes to OT cyber security. The ultimate priority, second to none, is physical safety: making sure everybody on site goes home at the end of the day to their family, making sure that if there's the general public in the vicinity of that plant or wherever we're operating, think of if we're operating a, you know, subway for moving people from point A to point B, right, we have to make sure everybody stays safe. That is our primary concern above and beyond anything else. So that's what we're going to be talking about in those eight different units for this course.

Now I did want to include, you know, a section around cyber security certifications. Again, they don't really fit in any of the other modules, but it's one of the most commonly asked questions that I get, and it makes sense, right? And I have a lot of these cyber security certifications. So I've taken the entire series of the ISA 62443, I've taken the three SANS courses and three certifications; they have a couple other courses, but they don't have certifications for those in the control systems. And then next year
they're going to debut a pen testing course, which I'm excited, I'm going to go take that one. And then there are some other certifications out there from other companies like Exida and, I believe, it's TÜV Rheinland from Germany. I just don't have any experience with those. I know people that have taken those courses, so we'll mention that, but I just don't have any personal experience with those.

So the most popular route I see people taking today is ISA 62443. So ISA and IEC are two organizations; think of them kind of as sister or brother entities. IEC is more internationally recognized, ISA is based out of the United States, so it just depends on what part of the world you're from how you'll reference it. And so ISA 62443 though is really considered the gold standard, a literal standard, of how do we create a cyber security program for a control system environment, right? It's a great framework or standard in doing that, and we're going to be talking about that a lot as we go throughout the course. So they put together four different courses, and you do have to take the courses to take the associated certification exams. And you can see the first one starts with the fundamental specialist. That's kind of like Security+ from the IT world, if you're familiar. And then you can see there's three additional, kind of more specialist type of roles, so one for maintenance, the cyber security secure network design, risk assessment, which, we're going to talk about risk assessments, which is a very key component or cornerstone of a 62443 program. And then if you get all four of those certification exams, you become what they call an ISA/IEC 62443 cyber security expert. It does not make you an expert in anything. I hate the name, right? It takes you, what, 10,000 plus hours to truly become an expert in anything. You know, this is maybe, I think these are, you know, two to three days average a
course I think most of them are two days so you're not going to become an expert in anything in you know 8 nine or 10 days so I think the the name is a little misleading and really the courses are mostly written for teaching cyber security like IT cyber security Basics to OT professionals and it they course they talk about the 62443 standard as well that's probably about 25 maybe 30% of the course courses right but again it's just try to level set expectations but it is the one that most people gravitate to think because it's the most widely recognized internationally as well as like here in the United States and it's probably the most cost effective cuz these classes if you're an ISA member which is like aund I think what $25 or so to sign up for again in US dollars but um the courses themselves I think all four put together is like $7,000 or I think they're like $1,600 each um which might sound like a lot and and I get it still is is a lot of money but compared to the SANS courses the SANS courses now are are about $10,000 to take each class and the corresponding certification exam and they go up about 10% every year so uh they could be a lot more by the time you know somebody's listening to this video down the road I hate to say but the GICSP is kind of their entry level into the control system uh world I took that about 10 years ago it was great course with Justin Searle and great class though and the best thing actually for me really wasn't even necessarily the content it was just I the room was had about 100 people in Las Vegas 50 of us were from IT and 50 of us were from OT and so the best part of that class really was getting a getting to talk with different people from working on all these environments and I remember there was a gentleman in the front row that asked this question you the first morning it's just a really basic networking question and I was kind of like wow I can answer that I I felt so smart but then I realized it was just the way he asked the 
question it just was a completely different way of looking at something and I realized then it was wow IT and OT like we're we're looking at the same thing it's just we look at it very very differently so if you're coming from IT we have to you learn to think like engineers and learn to look at things from the OT perspective or or vice versa if you're coming from OT and then learning how to look at things from that IT perspective and then we can meet in the middle and that's where we can do that or over time we have people like I like to think of myself that now kind of have one foot in both worlds and can be kind of a over kind of a a overall you know cyber security practitioner you know from from both worlds and that's where we need to get to to truly protect our OT environments because remember the OT environments are always talking with IT environments and almost every IT environment is talking with the internet so there's a lot of risk so again this is what we're going to be talking about in this course is how do we protect those environments the GRID course to me is the best course you could ever take to learn how to protect OT environments that's actually the class that Rob Lee actually wrote and he still teaches it a couple times a year so he literally is in class still teaching it I took it um in 2017 and when I was in class with him it was when the TRISIS incident was happening and that was actually one of those big events in the industrial control world so it was really fascinating that you know some of us would go to dinner at night or have conversations on the side and he would be sharing with us thing a little play-by-play um you behind the scenes as what was going on so there would be some things we can uh can share as as we go along but uh and even that class at $10,000 just if if it's something that you could afford I strongly suggest you make every every um effort to go take that class with Rob in person because to again really to sit in the 
room with the world thought leader in industrial control cyber security and be able to ask him questions is it's Priceless so I'm think about just retaking it because it's been it's been a while since I've taken it and it's they've changed the course they've just changed the labs and again just to be able to to work with him and ask questions to have that I mean it's just still an amazing opportunity and nothing against the other people that that teach the class as well I just 10,000 is a lot of money so uh GCIP I actually took that as part of my SANS Masters course that's it covers the NERC CIP uh certification uh standard so if you work in power transmission or generation in North America and Canada then you your facilities have to be NERC CIP certified and so the course really teaches about NERC CIP and it's mostly I hate to say it and I love Tim Conway who wrote the course um does a lot of of work in power and help investigate do and the the power outages in in the Ukraine um so it's a very important course for those that work in power the CL the the test itself though is it was really a test about auditing the the certification so not necessarily my my favorite but um you know Tim's definitely one of my my uh favorite control system folks for sure and just like Rob just really great great people so so those are the three courses again if you get the opportunity to take the course with Rob Lee you it's still worth the $10,000 if if you have it to spend um and then there's the GICSP which is an introduction there a lot of people um don't necessarily go that because I think at this point in time there's a lot of content out there they might feel like like this course maybe you don't need to go take the GICSP if you can get you know at least some of that at this course again we're we're only doing 20ish hours uh we're not covering the 40 plus that you get out of the GICSP but it's it's a start and it's free compared to the $10,000 so and then GCIP again is is for if 
you work in NERC CIP environments power generation and transmission in in the US and in Canada again there's a couple other certifications out there I don't have any personal experience with these but there's exida we have Engineers that at the office that have some of these certifications so um they're lower cost they're more along the lines of the ISA IEC courses and I've heard um you good things about the content it's it's like the ISA 62443 classes as well there's you know they're two or three days so they're not teaching you everything you know as compared to when you go to SANS because SANS courses are usually five six days and they they can run like 12 hours a day so you with exida TÜV Rheinland it's they're more affordable and for the information you get what has been explained to me is it's good information again it's not a super ton ton of information but it's it's really solid information and it's more cost effective than some of the other Solutions so TÜV Rheinland since they're based out of Germany you see this a lot more uh certification for people in Europe where I think exida is a little bit more US-based so that's usually what I typically will see but and then just other training so CISA the cyber security and infrastructure Security Agency which is based out of the United States they also work heavily with Idaho National Labs so anything ICS cyber security related kind of in the US typically comes out of INL but they actually have free courses online so there's not a necessarily A certification goes with them but they do a lot of free training and they used to have to do in person I think you might have even had to be a US citizen but I think with COVID they changed a lot of that so they just opened it up PR to anybody to to be able to take the courses so also take advantage of of those classes as well so you can go to cisa.gov and and find all the the online courses so the rest of this section as we wind down we're going to talk about just some 
additional resources and and we'll be referencing a lot of these as as we go throughout the other courses but I did want to get them out uh ahead you know in the beginning of the class cuz mandatory reading I tell everybody if you're working especially in OT cyber security well one you have to look at the Verizon data breach investigations report the the one on the left hand every year that's where Verizon now this is IT based they look at all the IT networks and all the incidents and breaches from the previous year and look at patterns and looking for metrics to understand what's going on in that previous year so how can we be better cyber security Defenders remember most IT or most attackers that get into OT networks come through the IT Network so it's important to understand as OT cyber security Defenders what's going on in the IT world and then we also definitely need to understand what's going on in in OT specifically and so that's where Dragos comes in so every year they do their year in review report so same same thing like Verizon for IT but Dragos does specifically for OT and so that's where we'll see with uh specific to OT networks it's great information we'll be talking about some of that as as we go throughout so where you look at I think they you some of the the content they mentioned if it's just off the top of my head but I remember something like uh for all their pen testing engagements like 70% of the time it's really easy for the pen testers to break into the OT network from from the IT side of the house right which is which is concerning or that uh roughly about 50% of the networks that they went into didn't have proper network security monitoring set up which is also very concerning because if you don't have proper network security monitoring set up whether it's you have it at all or if it's set up but it's not done effectively then how are you going to know if an attacker is in the environment you're not so you get a lot of interesting fascinating 
information out there that you can use from practical perspective they say oh we're not doing this today but but we need to be so a couple other resources so there's some great podcasts out there that I listen to um I'm actually now shifting myself over to the right because I started listening like Control Loop from Dragos it's becoming a little bit more marketing these days though so not as practical which is a little little disappointing so hopefully it changes but um there's the Unsolicited Response from Dale Peterson who he runs the S4 conferences that we'll talk about um so he's always thinking about the future of control system cyber security so what's coming next what's coming down you know 3 four five years down the road so I'll probably never be on his podcast because I'm I'm about protecting the here and now so sure it's great to understand what's coming but I I want to get the job done today not necessarily three or four or five years down the road so uh the (CS)²AI or you see the it's Control System Cyber Security Association that's run by Derek Harp uh they have a great podcast they always have different practitioners from the field come in and and talk um every week so you can learn something about different sectors so it's really really great show that's kind of the same format that the other ones um follow so Waterfall um or sponsors the industrial cyber security podcast that's hosted by uh Andrew Ginter and so I've listened to that one for that's the one I've listened to for the the longest and bring in different um uh guests to talk I actually recorded my episode with Andrew uh last week which was really exciting so I'm going to be the first guest of 2024 uh when they release the the podcast that was really exciting um and then I was just on the Protect OT cyber security podcast as well from Industrial Defender with Aaron Crow uh and and that was another great conversation talked about how to get into get into ICS/OT cyber security Aaron has a a background 
kind of little bit of IT and he worked in power his dad had worked in power plants uh so it was kind of part part of his you know in the in his DNA but uh there a lot of similarities in in kind of our our backgrounds and can kind of build off of that like shared experience but different at the same time so so a lot of great like I said I'm leaning more towards now the Protect OT and Industrial security and then the the (CS)²AI ones just cuz I like to hear from all the different practitioners because they're just bringing Real World experience and understanding like here's the Practical tips of how you do the job right that's what I'm always looking for so I think that's what I I typically gravitate to uh there's some great people to follow on LinkedIn and there's other social media I get I just do LinkedIn now um I say you Rob Lee which you mentioned Tim Conway who wrote NERC and he's he's you know huge in power uh also you know Works kind of leads the ICS program at SANS with with Rob mentioned Dale Peterson at S4 he's you the guy that always thinking about what's coming in the future you and people need to do that for sure you know um Derek Harp who runs (CS)²AI and then Lesley Carhart they are uh lead incident response at least now I think in North America for Dragos so so that's where they work the the one thing I was starting to think of is that some of these folks that which are great you know knowledgeable experts in the field they don't they're not very necessarily active on LinkedIn though so I also put together a link or a list of people who are on very active on on LinkedIn so I'm not going to read these to everybody and I kept Rob on there and you can see Derek's still on the the list um so you can see you know who's on both lists and kind of follow them uh but I think there was a great representation from people you know all around the world men and women and so I think there's a really great diverse group here from all different types of backgrounds uh like Dawn 
Cappelli runs OT-CERT for Dragos which is a open Initiative for for especially mostly focused for small medium-sized uh OT environments to come get free free help um so a lot of great information out there um you Tony Turner who I've met through LinkedIn but through I remember when I went to S4 this year finally for the first time and in the forums where people just were talking about all these different you know topics and questions before the conference he was in there answering everybody's questions like an every forum so I was really impressed and you'll see if you look him up like on LinkedIn he really is a a very knowledgeable expert in the community that just wants to help people like it like everybody else here so uh definitely uh check them out if if you're on LinkedIn uh conferences we wanted to mention real quickly so the one conference that I go to every year by far is the SANS ICS Summit I think it's in March may or may March April time frame now these days it's just two days plus you can do the training as well so like for another five days but um the two days is just um going in for presentations Rob and Tim Conway are co-chair and you see of course all the other SANS ICS instructors and other people in the community I think this last year was 5 600 people probably maybe a little bit more than that um I think for me the big moment probably for most people was they brought the the CISO or the CIO actually from Ukrenergo which is the power company in the Ukraine and he he actually flew out to talk to you know these 6 7 800 people that are hanging out at a conference literally at Disney World and and then he was getting back on a plane to go back to the war the the next day it was pretty pretty awe inspiring so I you can probably tell I get a little choked up every time I think about it so uh S4 um definitely is a great conference to see I think there's about 12 13,400 people that go there it's probably one of the larger you know cyber security uh conferences for 
Control Systems uh and that's in Miami every year in now I think uh the next one is in March early March so uh I'll definitely be there I already got my ticket so uh (CS)²AI I actually sit on the advisory board for them and so I'm really excited to get to go that's going to be in I think Austin in or Houston in uh March 2024 so really excited about that and the ICS Village they do a lot of different conferences so they're at like DEF CON and Black Hat and and some others I'm trying to work with them to get them at our local BSides hopefully for next year cuz we're going to have a a track or an entire day dedicated for ICS/OT cyber security uh Dragos DISC I went to Dragos that's their one-day conference it's mostly for clients and partners so uh and they they present all of their research which is really really great so it was really great and and gets the a lot of people get see a lot of people I've met on LinkedIn for the first time in in in real life so that was a lot of fun so the local BSides conferences they pop up everywhere like said I mentioned I run the the local Greenville one so a lot of I talk at Green BSides Augusta in Georgia not not long ago uh on as you might imagine industrial control cyber security so you can find those types of events everywhere so Cyber Senate are smaller events run by um Jameson his last name is blanking on me he but um but you know you get 50 60 people but really quality events and the people that are there are just absolutely amazing some of the best talks I've had with people um at conferences ever so I've been really excited about those um and then Hack the Capitol which kind of goes along with the ICS Village folks uh where that's their um dedicated cyber security conference in DC so and there there's some others definitely out there but those are the big ones for me and I'm definitely always at the SANS ICS Summit and S4 now and (CS)²AI and then try to get to as many of the other ones as as possible so and then finally we'll get to 
the end uh if you are looking for other resources that I put together so I have my h.com that's kind of the main clearing house I guess you can go to now for all the different links I have a GitHub repository that's where you can find all the references that we talk about in the the course and then also the well YouTube channel which you're obviously watching right now so I don't necessarily know if I need to list that out but you usually if I'm teaching this for other groups it probably makes sense so and the last slide I also have a Weekly Newsletter if you want to sign up you can find the link on my website or or on my my LinkedIn profile and it just comes out on Sunday since real quick practical like three quick things about here's my top post from the week here's my uh here's a maybe a top podcast I listen to or article I you know read that I thought was really useful and and that's it nothing nothing crazy so just things to to help people so so that's it to finally wrap up the entire introduction so like said I kind of throw try to throw everything in the kitchen sink in the very end but I wanted to make sure to highlight those resources before then we jump into the the rest of the course and start learning about securing industrial control environments so thank you again for tuning in and uh I'll see you in unit two