SANS ICS Summit & Training in Singapore

SANS Asia Pacific ICS Summit and Training 2013 – Singapore

If you have any responsibility for security of control systems – policy, engineering, governance or operations you won’t want to miss the Asia Pacific ICS Security Summit taking place 2-8 December 2013 where you will:

Learn all about the new Global ICS Professional Security Certification

Gain the most current information regarding Industrial Control System threats and learn how to best prepare to defend against them

Hear what works and what does not from peer organizations. 

Network with top individuals in the field of Industrial Control Systems security and return from the Summit with solutions you can immediately put to use in your organization. 

Listen to 15+ speakers from a variety of companies who will cover exceptional content throughout the two-day Summit.

Earn CPE credits for the summit and course you attend


ICS410: ICS Cyber Security Essentials, (Brand New course) – 4-8 December taught by SANS Faculty Fellow Dr. Eric Cole will provide a standardized foundational set of skills, knowledge and abilities for Industrial Cyber Security professionals. This course is designed to ensure that the workforce involved in supporting and defending Industrial Control Systems is trained to perform work in a manner that will keep the operational environment safe, secure and resilient against current and emerging cyber threats.

Agenda highlights for the summit include:

A Community Approach to Securing the Cyberspace to Enhance National Resilience

The Good, Bad and the Ugly: Certification of People, Processes and Devices 

SCADA Security Assessment Methodology: The Malaysia Experience  

The State of Critical Control System Security in Japan 

Smart Security : Strengthening Information Protection in Your ICS


To learn more about the Summit and Training, or register now and save 5% on your registration with code SANSICS_MSI5, please visit:

Three Talks Not To Miss at DerbyCon


Here are three talks not to miss this year at DerbyCon:

1. Bill Sempf (@sempf) presents a talk about pen-testing from a developer’s point of view. (PS – He has a stable talk too, catch it if you sell stuff in the Windows store) His work is great and he is a good presenter and teacher. Feel free to also ask him questions about lock picking in the hallways. He is a wealth of knowledge and usually friendly after a cup of coffee in the morning. Beware though, if he asks you to pick the lock to get to the pool on the roof… This talk is Saturday at 6pm. 

2. Definitely catch @razoreqx as he talks about how he is going to own your org in just a few days. If you haven’t seen his bald dome steaming while he drops the knowledge about the nasty stuff that malware can do now, you haven’t lived. I hear he also may give us a bit of secret sauce about what to expect from malware in the next 6 months. You might wanna avoid the first couple of rows of seating in this talk. He often asks for “voluntolds” from the audience and you might not look good in the Vanna White dress… His chrome dome presents on Friday at 7pm.

3. Don’t miss the Keynote by @hdmoore. His keynotes are always amazing and this time it appears he is going to teach you how to port scan the entire Internet, all at once and all in an easy to manage tool and timeframe. He probably will astound you with some of his results and the things he has seen in his research. It’s worth it! The Keynote is Friday at 9am. Yes, 9am in the morning. It rolls around twice a day now… I know… 🙂

Lastly, if you want to see me speak, you can find me on Friday at 1pm as I discuss and unveil the Stolen Data Impact Model (SDIM) project. Check it out! 

PS – There will be plenty of hallway talk and shenanigans at the con. Come out and sit down and chat. I can’t wait to talk to YOU and hear what you have to say about infosec, threats, the future or just what your thoughts are on life. Seriously… I love the hang out. So, drop down next to me and have a chat! See you this weekend!

 PSS – Yes, I might wear my “hippy hacker”/”packet hugger” shirt. Don’t scream “Packet Hugger” at me in the hallway, please, it hurts my feelings…. 

Hello from DayCon!

I have spent some time this week at DayCon in Dayton, Ohio. This is a small hacker conference, with attendance by invitation only. This year the event was focused on attack sources, emerging trends and new insights into the cutting edge of dealing with cyber-crime across many vertical markets and countries.

I speak later today, and I am focusing on the history of cyber-crime, the crime stream, the criminal value chain and how information coalesces before an attack. I look forward to my talk, especially given how engaged the crowd has been thus far with the other speakers. The hallway conversations have been great! 

Lots of variety in the speakers here, with professors, researchers, hackers and even some ICS/SCADA folks in attendance. Lots of good insights floating around and even a few new product ideas!

I’d highly suggest you check out DayCon next year.

PS – Also, looking at the calendar, we are prepping for DerbyCon next week. Come out and see us there. I will be speaking on the Stolen Data Impact Model (SDIM) project and other topics. Plus, as usual, we will be haunting the halls and swinging from the rafters! 🙂 See you in Louisville! 

SANS SCADA Security Conference & a DISCOUNT

SANS has allowed us to offer a 10% discount to our readers who attend their SCADA Security Summit. The event is being held in Orlando this year, February 12-13, with optional training courses wrapped around on both sides. We think this is a great event and we are proud to be able to help SANS promote it.

You can get your discount using the discount code: MicroSolvedSCADA

More information about the event follows below (Overview provided by SANS): 

More than 1,200 security analysts and process control engineers, from government and industry, have attended the SCADA Security Summits. That’s because Summits are the one place where the people shaping the future of control systems security come together to share the lessons they have learned and because the Summits give attendees unique, early access to important new information. This year’s program will be no different. If you have any responsibility for security of control systems – policy, engineering, governance or operations you won’t want to miss the 2013 Summit in Orlando, Florida.

 At the Summit you will:

  • Learn why control systems are so difficult to protect and arm yourself with clear case studies showing what’s been done and what can be done to protect SCADA and other control systems.
  • Learn the language of control systems so you can be of more help to the engineers who plan and deploy such systems.
  • Understand the requirements and constraints faced by owners and operators of automation systems. Determine the state of the art in control system security as a benchmark for your own future planning.
  • How to build an ICS security program and develop your team.
  • Better understand what government can and can’t do by learning the requirements, constraints and current capabilities available to secure critical control systems.

 For more information and to register click here

MSI Security & Tactics Talk Ep. 8: Hacker & Security Conventions

“I spoke to some folks who are attending Blackhat and they’re all talking about Android and iPhone. iOS platform attacks. There’s a huge focus on insecurity and developing an attack tool for that model. Not just malware, but actual attack tools.  – Brent Huston, CEO, MicroSolved, Inc.

Listen in as our tech team discusses Blackhat 2011, DefCon, and B-Sides conferences. Discussion questions include:

  • DEFCON, B-Sides and Blackhat are this week in Vegas. With so many hacker and security conventions around now, what do organizations need to know about them?
  • What are you expecting to come from Blackhat and DEFCON this year? What do you find interesting?
  • What does the future of security conventions of hold and where are things likely to go from here?
  • Are the training at these shows worth it for the average IT admin, network engineer or security analyst?
  • Do you have any tips for getting the most out of these shows or for those interested in attending?
Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Chris Lay, Account Executive

Click the embedded player to listen. Or click this link to access downloads. Stay safe!