FREE Purple Team Summit | May 24-25: Explore collaboration approaches that maximize value of red and blue teams. Register now!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Canadian Webcast Series Part 3: ICS Defense: It’s Not a “Copy-Paste” From an IT Playbook & Importance of Intrusion Detection in a Compromised Prone World

  • Thursday, March 08, 2018 at 3:30 PM EST (2018-03-08 20:30:00 UTC)
  • Nik Alleyne, Dean Parsons

You can now attend the webcast using your mobile device!



Join SANS in a series of webcasts offered by our top Canadian instructors. Topics will cover Security Management, Cloud Security, CIS 20 Critical Controls, Penetration Testing, Digital Forensics and Industrial Control Systems Security. Be sure to join SANS at one of our many Canadian training events in 2018

Industrial IoT (IIoT) - What are the biggest threats and how are you dealing with them? Take the SANS Industrial IoT Survey and enter to win a $400 Amazon gift card.

Dean Parsons Presenting: ICS Defense: It's Not a "Copy-Paste" From an IT Playbook

Defending an ICS (Industrial Control System) requires additional considerations beyond the approach of traditional IT Security. Dean will touch on 5 discovered ICS targeted malware and how to get the most out of the ICS Active Cyber Defense Cycle. The ACDC is key to detecting and neutralizing the adversary while continuing to maintain the safety and reliability of ICS operations. Also discussed, are tips to smooth IT and OT convergence that promotes an effective ICS security program for reliable data acquisition and ICS incident response.

Nik Alleyne Presenting: Importance of Intrusion Detection in a Compromised Prone World

What is meant by intrusion detection in a comprise prone world? 

According to dark reading there were 4.2 billion records exposed in 2016. 

According to risk based security, for the period Jan 1, 2017 to September 30, 2017 there were over 3,833 incidents resulting in over 7 billion+ records being exposed. 

Considering the above, intrusion detection and specifically SANS SEC503: Intrusion Detection In-Depth training, makes detecting these breaches much easier.

Speaker Bios

Dean Parsons

Dean Parsons is a SANS instructor for ICS515: ICS Active Defense and Incident Response, a member of the SANS/GIAC advisory board, an active member of the cybersecurity community, and OT Cyber Security Officer. With 20 years combined experience in IT, Industrial Control System cyber defense across the telecommunications to critical infrastructure sectors, Mr. Parsons lead's an active ICS Cybersecurity Program for an electric utility in Canada across facilities for generation (hydro, thermal, gas turbine), transmission and distribution.

As an ICS security practitioner and ambassador for safety and operational resilience, he frequently speaks at high-profile cybersecurity events across North America, and has a natural way of engaging his audience.

His enthusiasm in the field started at an early age writing ethical hacking tools on his custom compiled versions of Linux; password crackers, host-based intrusion detection systems, network sniffing tools, smart port scanners, kernel modules and exploits. Any given day Dean could be dissecting packets from plant operations, writing policies, or presenting to a board of directors.

Dean earned a bachelor’s degree in computer science from Memorial University of Newfoundland and holds the CISSP, GSLC, GCIA and GRID accreditations.

Nik Alleyne

Nik Alleyne is a SANS Certified Instructor with over 20 years in IT, with the last 10 years being more focused in cybersecurity. He is currently the Director of Business Development for a Managed Security Services Provider (MSSP), where he is responsible for leading multiple teams supporting various security technologies including IDS/IPS, Anti-Malware tools, proxies, firewalls, SIEM, Cloud, and WAF. Nik teaches both SEC503: Intrusion Detection In-Depth and SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling for SANS and is a published author of two books Hack and Detect and Mastering TShark Network Forensics. More about Nik.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.