Thomas Brandstetter

Prof. Thomas Brandstetter is a widely-recognized industrial cybersecurity expert, with 20 years of experience.
Thomas started his InfoSec career as a security engineer and penetration tester at Siemens, working on everything ranging from single controllers to entire industrial control and energy automation solutions.

Thomas became the founder of the Siemens Hack-Proof Products program, their earliest secure product development initiative. This job also led to his role as the appointed lead Stuxnet incident handler for Siemens in 2010. After having worked in both offensive and preventive security, he went into response and founded the Siemens Product Cyber Emergency Readiness Team, which is still one of the most effective industrial vulnerability and incident response teams worldwide today.

Since 2013, he is the founder and managing director of Limes Security, a well-established European cyber security company specializing in top-class industrial security consulting and secure software development coaching.

More About Thomas


Thomas has a passion for teaching security courses, as he is convinced that demand continues to outstrip available workforce by far. On the professional side, he is sharing his infosec experience as instructor at the prestigious SANS technology institute, where he has been teaching industrial control system security courses throughout Europe and the Middle East since 2015.

On the academic side, he is a Professor for IT Security at University of Applied Sciences St. Poelten, Austria, where he teaches various security courses at bachelor and master security programs. He also was appointed as Honorary Professor for Cyber Security at the esteemed Cyber Technology Institute of DeMontfort University Leicester, UK.

When not in classroom, Thomas still likes to spend as many days as possible in projects, supporting industrial vendors and operators to ramp up their security posture, where he has helped to establish and improve numerous industrial security programs and PSIRTs for multinational corporations.

Thomas presented at top-level security conferences such as Blackhat USA, Blackhat Europe, BSI Conference and SANS ICS summits. Besides speaker engagements, Thomas likes to actively contribute to the security community. He helped to establish the ICS villages at DEFCON and BruCON as well as the hackerspace Segmentation Vault. He is conference chair of the industrial control system cyber security research (ICS-CSR) conference series, program committee member of the ARES as well as SANS ICS conferences and director of the program committee of the annual IT Security Community Exchange (ITSECX) conference series.

He is the inventor of several security-related patents, holds the renown GSEC, GICSP and GRID certifications from GIAC as well as a CISSP, an academic degree in IT security from the University of Applied Sciences Hagenberg, Austria and a Master's degree in business administration from the Universities of Augsburg and Pittsburgh.


(in)Security in Building Automation: How to Create Dark Building with Light Speed