Stephen Mathezer

Stephen Mathezer is a SANS Certified Instructor and an industry veteran with extensive experience in IT, OT, and cybersecurity. As an expert in industrial cybersecurity, Stephen teaches ICS410: ICS/SCADA Security Essentials, where he shares his deep technical knowledge and real-world experiences with students who secure critical infrastructure. "One of the things I love most about teaching ICS410 is that it brings together people from so many different backgrounds. It's incredible to reach people with a variety of backgrounds across industries and disciplines, including IT, OT, governance, and technical cybersecurity." 

His career began in software development where he worked on deep network and operating system internals. "I've always loved the 'Easter egg hunt' that seems to be inherent in IT and cybersecurity. The process of problem-solving and the thrill of finding the solution, that’s what drives me," he shares. His transition into cybersecurity led him to the oil & gas industry where he began in a network/security operations role, before expanding his expertise into OT environments and ultimately, his scope to all cybersecurity functions company wide. 

His extensive fieldwork and ability to build trust with operators and engineers makes him uniquely qualified to teach ICS410. "If people don’t trust you to value their operations as much as they do, you won’t be successful. Relationships and trust are as important as technical solutions," he says. 

Stephen has conducted over 500 security engagements, from penetration tests to security assessments for industrial organizations. He brings real-world lessons from those engagements into his classes, making sure his students leave the classroom with both the knowledge and hands-on skills they can apply as soon as they return to work. 

Stephen's contributions to the cybersecurity community extend beyond the classroom. He supports local security meetups, BSides conferences, and WiCyS initiatives. "I try to present whenever I can and support the local community. Helping people new to the industry break in is one of the most rewarding aspects of my career." He is also passionate about mentoring those looking to step into public speaking within the cybersecurity field. "I try to find ways to support newcomers in taking the leap to put themselves out there and present publicly. If somebody wants to take that leap, I’ll do whatever I can to support them—from helping with ideation and even co-presenting to help reduce their stage fright.” 

His journey with SANS began in 2004 when he took his first course. "I learned so much from that one course that I wanted to keep coming back for more. I had never experienced anything like it before," he recalls. As a mentor, he discovered his passion for teaching. "Mentoring quickly showed me how much I enjoyed being in a classroom setting and helping others discover the magic I was learning from SANS." 

Stephen has worked on numerous high-impact cybersecurity initiatives, including leading the development of an OT security program from the ground up. Over the span of seven years, he and his team transformed a fully integrated IT/OT environment with no meaningful separation or OT security measures into a robust and secure infrastructure. This effort involved rearchitecting the network, establishing governance, and implementing a comprehensive suite of security controls, many of which align with the concepts taught in the SANS ICS410 course. A crucial aspect of this initiative was securing buy-in from stakeholders, ensuring security measures were effective and operationally feasible. A large-scale re-architecture and re-implementation of a large, distributed industrial environment encompassing more than 100 sites without disrupting operations. "This project was about more than just technology. We had to build trust with field personnel, understand their needs, and ensure our security measures and our approach aligned with operational realities," he explains. Achieving these objectives without disrupting operations was a significant challenge, requiring careful planning, collaboration, and a deep understanding His ability to navigate the complexities of both IT and OT environments has been a defining element of his success. 

As a lead architect, he was responsible for a large-scale organizational transition, replicating the OT environment and seamlessly migrating over 50 operating locations to a new, independent network. The challenge required not only technical execution but also meticulous planning to ensure operations remained uninterrupted.  

Another career highlight is transforming a once-vulnerable industrial client into one of the most resilient organizations through years of consultation and continuous security improvements. "One of my first pentest clients went from an easy target to one of the hardest nuts to crack. Seeing that growth is what cybersecurity is all about." 

Beyond work and teaching, Stephen supports cybersecurity education and community initiatives. He participates in security conferences, mentors aspiring professionals, and contributes to thought leadership in ICS security. "For me, the best part of my career is watching my students go on to do great things. Nothing compares to that." 

Stephen Mathezer brings a wealth of experience and a passion for cybersecurity education, helping students develop the critical thinking and technical expertise necessary to protect industrial environments. His practical, engaging approach ensures they leave with the confidence to apply what they’ve learned in the field.