Mark Bristow

Mark Bristow was born to work in information security as he found his first bug in an ICS system at the age of 10. As a teen, he had a passion for technology and spent a lot of time exploring the possibilities of his computer and the nascent internet. Once he realized he could make a career out of this passion, Mark jumped at the opportunity to earn a Computer Engineering degree from Penn State. Mark loves the ever-changing landscape of security and views it as a puzzle that must be solved. He especially loves the challenges in ICS security as defending the systems where cyber meets physical means there is no greater success than a safe and effective process.

More About Mark


Currently Mark is the Director for the Hunt and Incident Response Team (HIRT) at Department of Homeland Secuirty's Cybersecurity and Infrastructure Security Agency (CISA) where he leverages his expertise in incident response, industrial control systems, network monitoring and defense to support national security interests. Before ICS-CERT was integrated into HIRT, Mark was the Chief of ICS-CERT incident response. In Mark's sixteen-year security career he has also worked for CSRA and Securicon where he supported a variety of private and public sector clients.

Mark has been on the front lines of headline grabbing incident response efforts such as the attack on the Ukrainian power grid, intrusions into US election infrastructure and Russian attempts to gain access to the U.S. power grid. Mark is a frequent speaker on industrial control systems security issues worldwide.

Mark's experience has led him to the path of sharing his knowledge and helping others learn to protect critical infrastructure. He loves teaching not only to help others, but because he learns something from his students in every class. Mark shares his real-world experiences with students so they can relate the information to scenarios in the field.

When Mark isn't defending ICS systems, he enjoys spending time with his family, working toward his pilot's license and SCUBA diving as much as possible.



ICS Asset Identification: It's More Than Just Security: A SANS Panel Discussion, July 2020


ICS Incident Response