Attend OSINT Summit for FREE on Feb 11-12 and enjoy expert talks on the latest techniques and tools for gathering and analysis.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

ICS Security and Asset Identification: A SANS Roundtable

  • Tuesday, September 15, 2020 at 3:30 PM EDT (2020-09-15 19:30:00 UTC)
  • Mark Bristow, Del Rodillas, Xu Zuo


  • Palo Alto Networks

You can now attend the webcast using your mobile device!



The importance of cyber threat intelligence and data source gap identification within critical infrastructure cannot be understated. As digital technologies proliferate within industrial applications, essential functions and networks become exposed to increasing cyber risk.

In this webcast, SANS instructor Mark Bristow will be joined in a conversation with Palo Alto Networks centered on the importance of asset identification and its role within ICS security. This encompasses lessons from the new SANS report, ICS Asset Identification: Its More Than Just Security, and advanced guidance on how to extend security capabilities within your critical infrastructure. 

Join us in this roundtable conversation that covers lessons from the research paper, and further conversation on the following:

  • How new AI/ML-based passive asset detection methodologies use crowd-sourced device intelligence to help with accuracy and flexibility
  • How to realize Zero Trust device-level policy by using advancements in next-generation firewall technology, providing asset identification, risk assessment, and enforcement all in the same device

Register today to receive the associated whitepaper written by SANS ICS Active Defense and Incident Response certified instructor Mark Bristow.

Speaker Bios

Mark Bristow

Mark Bristow, a SANS instructor for ICS515: ICS Active Defense and Incident Response, is Branch Chief for Cyber Defense Operations at the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), using his expertise in incident response (IR), industrial control systems, network monitoring and defense to support national security interests. Before that, Mark was Chief of the ICS Cyber Emergency Response Team (ICS-CERT) incident response. He also worked for CSRA and Securicon, supporting a variety of private and public sector clients. Mark has been involved in high-profile IR efforts, including the Ukrainian power grid attack, intrusions into U.S. election infrastructure and Russian attempts to access the U.S. power grid.

Del Rodillas

Del Rodillas is the Director of OT Industry Solutions at Palo Alto Networks. He currently leads a global team of security architects focused on developing and evangelizing OT security architectures and solutions. His over 24 years of industry experience spans OT Cybersecurity, Networking, Aerospace/Defense, and High Tech Manufacturing with roles in strategic marketing and engineering. Del holds a Masters in Electrical Engineering from Santa Clara University, an MBA from the Wharton School of the University of Pennsylvania, and has been certified as a Global Industrial Cyber Security Professional (GICSP).

Xu Zuo

Xu Zuo is VP of Products, IoT Security at Palo Alto Networks. Xu joined Palo Alto Networks via the acquisition of Zingbox, the IoT security startup he co-founded in 2014. Before starting ZingBox in 2014, Xu was senior director of Aerohive Networks, where he launched Aerohive’s cloud-based Bring-Your-Own-Device (BYOD) security product. Prior to Aerohive, Xu was senior director of Aruba Networks, where he managed Aruba’s industrial and carrier product line. Xu joined Aruba through the acquisition of Azalea Networks, where Xu was a founding member and the VP of Software. Before Azalea networks, Xu was a senior engineer at Airespace, acquired by Cisco in 2005.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.