SANS ICS Security Summit & Training 2026

Mon, Jun 8 - Tue, Jun 16, 2026
8 Courses
18 CPEs (Summit Only)
1 NetWars Tournament
English

Disney’s Contemporary Resort & Virtual (ET)

4600 North World Drive, Lake Buena Vista, FL 32830

Jump to:

Event Highlights
Courses
Speakers
Sponsors
Schedule
Location

Summit: June 8-10 - In-Person Only | Training: June 11-16 - In-Person & Live Online | Summit Co-Chairs: Tim Conway and Robert M. Lee | In-Person CPE Credits: 18

Get up-to-speed on the latest methods and techniques for safeguarding industrial systems and operational technology.

Slide 1 of 2
Slide 2 of 2

The SANS ICS Security Summit offers something for everyone—from introductory learning for those new to ICS/OT security to advanced insights and techniques for seasoned practitioners and leaders. Join us at Disney in Orlando to experience immersive workshops, in-depth talks, and practical takeaways led by the industry’s top experts.

Create core memories with your peers in the ICS/OT community and your family during a magical getaway. Extend the experience with world-class training courses immediately after the Summit to further build your expertise. Don’t miss this one-of-a-kind opportunity in Orlando!

*Exclusive Offer: All SANS ICS Security Summit 2026 registrants will receive ICS310: ICS Cybersecurity Foundations course OnDemand for Free (a $499 USD value.) — Access granted prior to the Summit.

"A great way to get a wide variety of ICS Security content and meet others fighting the same fight." - Justin Opatrny, General Mills, Inc.

Where the ICS/OT Community Comes Together

The ICS Security Summit was founded by Michael J. Assante, alongside SANS Founder Alan Paller, to unite those protecting the technologies that power industry and sustain our modern way of life. What began as a bold idea has become the global gathering place for ICS defenders—a community bound by shared purpose, real-world experience, and a relentless drive to secure critical infrastructure and the essential systems that keep operations running everywhere. Each year, when we come together, we don’t just continue Mike’s legacy—we strengthen it, forging new connections and advancing the mission of safeguarding civilization for generations to come.

What Attendees Say

Slide 1 of 4
Great speakers, great content, and fantastic opportunities to talk with others in the industry about issues we're all facing!
John Fruge
Slide 2 of 4
Anyone responsible for U.S. ICS Security needs to attend this event every year. It's beneficial because it identifies and educates on current and real threats. The SANS Summit informs and educates at multiple levels—strategic, operational, tactical, etc.
Bill Peterson
Slide 3 of 4
As my first ICS Summit it truly felt like being at a family reunion with a wonderful family I didn’t know I had — warm, collaborative, and passionate about the same mission. As a remote worker, I made more meaningful connections in that one week than I would have in years otherwise. My first thought upon wrap-up was: Time to start working on funding to get back there in 2026! Truly well done!
Bill ProvostThe Hershey Company
Slide 4 of 4
The Summit was fantastic. The accessibility of the speakers before and after the event makes this so much better. This experience is invaluable and cannot be replicated anywhere else. I have every intention of attending next year.
Harold Fisher

Summit Highlights

SANS Instructor-Led Workshops

Workshops include talks, live demonstrations, and select hands-on labs leveraging Operational Technology (OT) devices and applications, giving attendees practical exposure to the tools and environments used to secure critical infrastructure.

SANS ICS Security Summit 2026: Men Standing Together In Summit Room

In-Depth ICS/OT Security Talks

The industry's top ICS/OT practitioners will share their latest research, solutions, tools, and case studies.

SANS ICS Security Summit 2026: Men Giving a Presentation on Stage

Unmatched Networking with the Top Minds in ICS/OT Security

You’ll have the chance to engage with Summit Chairs, speakers, and your peers in the community for deep-dive discussions, and casual chats over breaks, meals, and evening receptions.

Solutions Expo Hall

Explore the latest tools and solutions in ICS/OT security.

SANS ICS Security Summit 2026: Two People Collaborating On a Project

World-Class SANS ICS Security Courses

Enhance your knowledge base and add to your toolkit by bundling your Summit experience with a hands-on, immersive course taught by top SANS instructors and course authors.

Register

Summit and Course Registration

from $3,505 USD

In personIncludes

Course: Live Instructor Training with Hands-On Exercises
Course: Students taking a 4-6 day course will be able to participate in ICS-focused NetWars
Summit: Talks, Presentations and Workshops
Summit: Unmatched Networking
Summit: Evening Reception
Summit: Access to Summit Exhibit Hall
Summit: Lunch and light refreshments will be provided during the event and scheduled breaks
Summit: Exclusive Offer - Receive ICS310: ICS Cybersecurity Foundations course OnDemand for free

Select course to Enroll

Live onlineIncludes

Course: Virtual Live Instructor Training with Hands-On Exercises

Select course to Enroll

Summit Registration Only

from $925 USD

$925 USD*Prices exclude applicable local taxes

In personIncludes

Talks, Presentations and Workshops
Unmatched Networking
Evening Reception
Access to Summit Exhibit Hall
Lunch and light refreshments will be provided during the event and scheduled breaks
First Access to Approved Recordings and Decks
Summit: Exclusive Offer - Receive ICS310: ICS Cybersecurity Foundations course OnDemand for free

Attend In PersonLogin to register

Important Dates

Refund Deadline:: May 22, 2026
Hotel Group Discount Deadline:: May 11, 2026

Courses

Looking for Group Purchasing? Contact Us

Showing 8 of 8

Filter by:

SEC504: Hacker Tools, Techniques, and Incident Handling

SEC504Offensive Operations

GIAC Certified Incident Handler
6 Days
38 CPEs
James Leyte-Vidal

Starts 11 Jun 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

ICS410: ICS/SCADA Security Essentials

ICS410Industrial Control Systems Security

Global Industrial Cyber Security Professional
6 Days
36 CPEs
Justin Searle

Starts 11 Jun 2026 at 8:30 AM ET
$9,230 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

ICS515: ICS Visibility, Detection, and Response

ICS515Industrial Control Systems Security

GIAC Response and Industrial Defense
6 Days
36 CPEs
Robert M. Lee

Starts 11 Jun 2026 at 8:30 AM ET
$9,230 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

ICS456: Essentials for NERC Critical Infrastructure Protection

ICS456Industrial Control Systems Security

GIAC Critical Infrastructure Protection
5 Days
31 CPEs
Tim Conway

Starts 11 Jun 2026 at 8:30 AM ET
$7,650 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

ICS612: ICS Cybersecurity In-Depth

ICS612Industrial Control Systems Security

5 Days
30 CPEs
Jeffrey Shearer

Starts 11 Jun 2026 at 8:30 AM ET
$9,230 USD (Course)
*Prices exclude applicable local taxes

View course details

ICS418: ICS Security Essentials for Leaders

ICS418Industrial Control Systems Security

2 Days
12 CPEs
Dean Parsons

Starts 11 Jun 2026 at 8:30 AM ET
$3,505 USD (Course)
*Prices exclude applicable local taxes

View course details

ICS613: ICS/OT Penetration Testing & Assessments

ICS613Industrial Control Systems Security

5 Days
30 CPEs
Tyler Webb & Don C. Weber

Starts 11 Jun 2026 at 8:30 AM ET
$9,230 USD (Course)
*Prices exclude applicable local taxes

View course details

SEC502: Cloud Security Tactical Defense

SEC502Cloud Security

GIAC Cloud Security Essentials
5 Days
36 CPEs
Kenneth G. Hartman

Starts 11 Jun 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

Summit Chairs

Tim Conway

SANS ICS Curriculum Lead at SANS Institute

SANS Fellow Tim Conway, co-author of ICS456, ICS310, and ICS612, blends decades of hands-on ICS/OT security and compliance expertise with ongoing frontline consulting, helping students turn complex industrial challenges into practical skills.

Learn more

Robert M. Lee

CEO at Dragos, Inc

SANS Fellow and Dragos CEO Robert M. Lee, author of ICS515 and FOR578 and co-author of ICS310, teaches from landmark industrial cyber investigations, turning real adversary tradecraft into visibility, detection, and response skills in OT.

Learn more

Thank You To Our Sponsors

Schedule

Showing 1 of 62

Filter by:

Select day:

Credential Pick Up

04:00PM - 05:00PM EDT

In-Person

Breakfast & Credential Pick-Up

07:30AM - 09:00AM EDT

In-Person

Opening Remarks

08:45AM - 09:00AM EDT

In-Person

Presented by

Tim Conway

SANS ICS Curriculum Lead at SANS Institute

Robert M. Lee

CEO at Dragos, Inc

Keynote | Fragile Lifelines: Navigating a World of Continuous Cyber Warfare

This keynote will explore the high-stakes intersection of geopolitics and critical infrastructure protection in an era where cyber conflict is no longer an occasional event, but a constant state of global competition. Participants will hear how nation-states leverage "low and slow" stealth tactics to pre-position themselves within vital networks—such as energy, water, and transportation—transforming essential services into instruments of geopolitical leverage.

09:00AM - 09:40AM EDT

In-Person

Presented by

Brian Harrell

VP and Chief Security Officer at FirstEnergy

When AI Crossed the Air Gap: Shadow AI as an ICS Safety Risk

Industrial environments are not being compromised by deployed AI models, but by uncontrolled AI use by engineers, analysts, and vendors interacting with OT data. This session presents a real world case study where shadow AI introduced new risks to safety, availability, and integrity in an ICS adjacent environment.

09:40AM - 10:05AM EDT

In-Person

Presented by

Teri Green

Vice President of Technology at Elevate Energy

Designing a Defensible ICS Network: How to Achieve Context-Aware Microsegmentation

Network segmentation is a core requirement of a defensible ICS architecture, yet many OT networks remain flat or rely on segmentation approaches that are difficult to deploy and sustain. This session focuses on SANS Critical Control 2 (Defensible Architecture) and Critical Control 3 (ICS Network Visibility and Monitoring), presenting a practical crawl, walk, run approach to segmentation in industrial environments.

10:10AM - 10:35AM EDT

In-Person

Presented by

Jose Avila Gomez

Solutions Engineer: Industrial Networking and Cybersecurity at Cisco

Break

10:40AM - 11:00AM EDT

In-Person

Architecture That Leaves PowerPoint: Practical Purdue in Real Factories

Many industrial architectures never move beyond diagrams, often dismissed as too complex, too expensive, or too risky for production environments. This session explores the practical, iterative deployment of the Purdue Model in brownfield factories,

11:00AM - 11:25AM EDT

In-Person

Presented by

Nick Ford

Associate Director, Connected Factory at Raytheon

Consequence-Driven Cyber-Informed Engineering (CCE) in ICS Environments

This talk will focus on introducing a novel idea on Consequence-driven Cyber-informed Engineering championed by Idaho National Labs in USA.

11:30AM - 11:55AM EDT

In-Person

Presented by

Prashant

Senior Cybersecurity Advisor at Enbridge Inc.

From C2 Dead-End to Covert Access: SSH Tunneling Through DNP3 Virtual Terminal Objects

We built command-and-control over DNP3. Then we realized we'd solved the wrong problem.

12:00PM - 12:25PM EDT

In-Person

Presented by

Tyler Webb

Principal Penetration Tester at Dragos, Inc.

Lunch

12:25PM - 01:30PM EDT

In-Person

Bringing the Fight to the Edge: What 61,000 OT Firewalls Telemetries Reveal About Early and Predictable ICS Attack Behavior

Defenders of industrial control systems are often focused to respond late in the attack lifecycle, after adversaries have already reached sensitive operational environments. This session presents findings from Palo Alto Networks’ OT Threat Research Lab based on large-scale analysis of 2023/2024/2025 security telemetry collected from more than 61,000 firewalls inspecting industrial application traffic.

01:30PM - 01:55PM EDT

In-Person

Presented by

Adam Robbie

Head of OT Threat Research at Palo Alto Networks

When Governance Fails on the Plant Floor: Deconstructing Real ICS Incidents and Rebuilding Security that Actually Works

Industrial Control Systems rarely fail because of “advanced hackers.” They fail because governance, engineering, and security do not meet where real work happens.

02:00PM - 02:25PM EDT

In-Person

Presented by

Elena Bobkova

Senior Lead Auditor at Det Norske Veritas

Rehearsing the End of the World: A MITRE Led TTX on Protracted Cyber Conflict

MITRE recently hosted the Critical Infrastructure Cybersecurity Tabletop Exercise (CICS TTX), bringing together approximately 200 participants from 70 organizations—including federal, state, and local governments, emergency managers, and industry representatives from pipelines, electricity, IT, communications, and rail—across five metropolitan areas.

02:30PM - 02:55PM EDT

In-Person

Presented by

Mark Bristow

Director at Cyber Infrastructure Protection Innovation Center (CIPIC)

Break

03:00PM - 03:20PM EDT

In-Person

Workshop | New to ICS/OT | Navigating OT Connectivity & Security in the Cloud Era

In this workshop, Gordon Moreau and Jeff Shearer will provide an introductory understanding of OT security in the context of integration with cloud computing.

03:20PM - 05:20PM EDT

In-Person

Presented by

Jeffrey Shearer

IANS Research Faculty Member at IANS

Gordon Moreau

Director of Cybersecurity Architecture at Grainger

Workshop | New to ICS/OT | The Value of Visibility for ICS Incident Response

03:20PM - 05:20PM EDT

In-Person

Presented by

Dean Parsons

CEO and Principal Consultant at ICS Defense Force, Inc.

Workshop | Practitioner | Securing Vendor Access in ICS

Vendor access is one of the most persistent and least honestly addressed sources of risk in industrial environments. This two-hour instructor-led workshop focuses on how vendor access actually works in ICS, from routine support to emergency response, system commissioning, and major maintenance events where security controls are often relaxed under pressure.

03:20PM - 05:20PM EDT

In-Person

Presented by

Tony Turner

VP, Product at Frenos

Workshop | Practitioner | Building Resilient Disaster Recovery Strategy in OT Through Practical, Hands-On Scenarios

Historically, the ICS/OT community has emphasized preventing threat actors from breaching parameter controls and entering the lower levels of the environment. Although these efforts were valiant, they ultimately failed, leading to ever-increasing security breaches.

03:20PM - 05:20PM EDT

In-Person

Presented by

Michael Hoffman

Field CTO – Oil and Gas at Dragos, Inc.

Saltanat Mashirova

OT Cybersecurity Lead at CPX

Workshop Track 3 Leadership | ICS Cyber Security Risk Assessments – Doing One Together

Being able to perform OT Cyber Security Risk Assessments is becoming more essential with each year. Drivers to perform a risk assessments vary: regulatory requirement, internal justification for modernization upgrades or simply to better understand operational risk and to communicate it further to leadership.

03:20PM - 05:20PM EDT

In-Person

Presented by

Paul Piotrowski

Senior ICS Security Engineer at Shell

Workshop | Leadership | You Can’t Patch People: Operationalizing EQ in ICS/OT Cybersecurity

Some ICS/OT cybersecurity failures occur because teams lack technical controls. More often, gaps occur because trust breaks down between cybersecurity, engineering, and operations. Emotional intelligence is not a “soft skill” – it is an operational capability that determines whether security programs succeed or stall.

03:20PM - 05:20PM EDT

In-Person

Presented by

Peter Jackson

OT Cybersecurity Manager at SGS