SANS Cyber Defense Initiative® 2020 Live Online: 30+ Interactive Courses | Virtual NetWars Tournaments. Save $300 thru 11/18


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Advanced ICS Cybersecurity: Moving Beyond Defense in-Depth to an Intelligence-Driven Approach

  • Thursday, March 12, 2015 at 1:00 PM EDT (2015-03-12 17:00:00 UTC)
  • Rich Mahler, Robert M. Lee, Michael Assante


  • Leidos

You can now attend the webcast using your mobile device!



ICS Cybersecurity in today's reality requires moving beyond defense-in-depth to effectively address the targeting of industrial controls systems (ICS) by advanced persistent threats (APT). Recent ICS-capable cyber attacks have demonstrated the need to develop capabilities beyond simple prevention strategies. ICS defenders will need to consider their security strategy and optimize for detecting intrusion attempts and identifying and responding to suspicious events with in the ICS and process. It is no longer sufficient to focus on "Prevention"; a prepared organization must detect and disrupt the types of attacks found in today's headlines.

During this webinar participants will learn:

  • Insight into APTs targeting ICS and critical infrastructure
  • Recommendations on how to move beyond firewall and defensive protections
  • How to use intelligence to combat targeted attack against ICS
  • How to apply the Cyber Kill Chain(R) methodology to reduce risk to your organization

Speaker Bios

Michael Assante

Michael Assante is currently the SANS lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) security and Co-founder of NexDefense an Atlanta-based ICS security company. He served as Vice President and Chief Security Officer of the North American Electric Reliability (NERC) Corporation, where he oversaw industry-wide implementation of cyber security standards across the continent. Prior to joining NERC, Mr. Assante held a number of high-level positions at Idaho National Labs and served and as Vice President and Chief Security Officer for American Electric Power. Mr. Assante's work in ICS security has been widely recognized and was selected by his peers as the winner of Information Security Magazine's security leadership award for his efforts as a strategic thinker. The RSA 2005 Conference awarded him its outstanding achievement award in the practice of security within an organization.

He has testified before the US Senate and House and was an initial member of the member of the Commission on Cyber Security for the 44th Presidency. Before his career in security served in various naval intelligence and information warfare roles, he developed and gave presentations on the latest technology and security threats to the Chairman of the Joint Chiefs of Staff, Director of the National Security Agency, and other leading government officials. In 1997, he was honored as a Naval Intelligence Officer of the Year.

Robert M. Lee

Robert M. Lee is the CEO and Founder of the critical infrastructure cyber security company Dragos Security LLC where he has a passion for control system traffic analysis, incident response, and threat intelligence research. He is a SANS Certified Instructor and the course author of SANS ICS515 - "Active Defense and Incident Response" and the co-author of SANS FOR578 - "Cyber Threat Intelligence." Robert is also a non-resident National Cyber Security Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure and a PhD candidate at Kings College London. For his research and focus areas, he was named one of Passcode's Influencers, awarded EnergySec's 2015 Cyber Security Professional of the Year, and named to the 2016 Forbes' 30 Under 30 list.

Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Robert routinely writes articles in publications such as Control Engineering and the Christian Science Monitor's Passcode and speaks at conferences around the world. Lastly, Robert, is author of the book "SCADA and Me" and the weekly web-comic

"Rob is the best instructor I have seen. Real world examples, humor, time efficient, [and] effective."
- Toni Benson, Cyber Analyst

Rich Mahler

Rich currently serves as the Director of Commercial Cyber Solutions for Lockheed Martin. In this capacity Rich is the executive responsible for the delivery of cyber security solutions and services to commercial clients primarily in the oil & gas, utility, financial services, health and life sciences, manufacturing, telecommunications and IT industries. His responsibilities include business strategy, client account management, program management, product development, service delivery and professional and consulting services.

Rich has over 20 years of experience working with commercial, federal, defense and local government organizations to plan, analyze, integrate and deliver complex systems, with practical experience in cyber security, software development, system architecture, business development, consulting and program management.

Rich earned a BS in Computer Science from Villanova University and an MBA with a concentration in Entrepreneurship from the Pennsylvania State University. He is a member of InfraGard and is on the board of advisers for Drexel University's Computer & Security Technology programs.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.