ICS Summit Solutions Track

  • Thursday, October 01, 2020 at 9:00 AM CST (2020-10-01 14:00:00 UTC)
  • Don Weber


  • Armis
  • Dispel
  • Revolutionary Security

Earn four CPE hours for attending this virtual event.

Most organizations focus their information technology (IT) and operational technology (OT) teams on securing the control network and gathering as much information as possible. The tasks associated with improving brownfield environments or engineering greenfield environments with the appropriate design requirements typically necessitate a large investment in project work hours. Solutions are often a conglomeration of technologies that are stitched together by sweat, creativity, and ingenuity. The end result is an influx of information that needs to be stored, correlated, analyzed, and monitored. The result is actionable intelligence that allows leadership to make informed decisions and improve the organization's security program in line with the direction and goals of the control network.

Many organizations would consider this a success, and it is. But this influx of information will, eventually, lead to the identification of anomalous events. These events will lead to the identification of malicious activity. What does your team do now? The incident response plans for most organizations are geared to their corporate environment and assets. They are not consistent with the technologies and operational requirements of the control network. Organizations that fail to prepare their team to handle actual security incidents will experience increased downtime and difficulties returning to 100 percent production. Response and recovery are just as important to an organization as the deployment of technologies designed for prevention and identification.

How can organizations prepare their IT and OT teams to be ready for security incidents? What are the techniques and tools the teams can use to improve the identification, containment, and eradication of suspicious or malicious activities to improve response times and reduce recovery efforts? This briefing will explore these questions through invited speakers while showcasing current capabilities available today. Vendor presentations will focus on case studies and specific capabilities that may improve communication and response activities during actual security incidents.

Speaker Bio

Don Weber

Don C. Weber has devoted himself to the field of information security since 2002. He has extensive experience in security management, physical and information technology penetration testing, web assessments, wireless assessments, architecture review, incident response and digital forensics, product research, code review, and security tool development. He is currently focusing on assisting organizations in securing their business and Industrial Control System environments through program reviews, security assessments, penetration testing, and training.

Don's past experiences encompass a wide variety of responsibilities: senior manager of the incident response team and acting Director of the vulnerability / risk management program for a large media organization; senior security consultant for a boutique security consultancy, where he focused on penetration testing, hardware analysis, and wireless research of ICS technologies used in the energy sector; and senior consultant for an emergency response team providing incident response and forensic services to large, international corporations.