Cybersecurity testing for ICS – pitfalls and wins

This is a (long overdue) followup post of the talk I gave at the SANS ICS Summit in 2021 - a recording of this talk can be found on youtube: I suggest you to first look at the recording of the talk before reading further about some questions I have received during the talk.… Continue reading Cybersecurity testing for ICS – pitfalls and wins

Resources to get into #ICS security

Recently I received some questions on what resources I would recommend within the ICS security space to learn more about this. So the question was more specifically about discussion groups, courses, books, certificates and so on... This was also a twitter thread from a while ago to which I responded with some information I share… Continue reading Resources to get into #ICS security

Security testing for ICS Owners – Back to Basics – recording

The video recording of the presentation that I gave at CS3STHLM last year can be found on Youtube: Enjoy watching and when performing security tests within ICS environments, don't forget to look at the basics 😉

Upcoming talk @CS3STHLM – Operator Jail Breakouts

In a few weeks I’ll be giving a talk together with Frank Lycops (  on the hidden dangers of Operator Jail breakouts, how to test these issues, and how to prevent them.  The talk will be provided at the CS3sthlm conference in Sweden ( A brief summary of what to expect: Operator stations are today… Continue reading Upcoming talk @CS3STHLM – Operator Jail Breakouts

Becoming an ICS Security Specialist

During one of my recent lectures on ICS Security one of the students asked me where he had to start to become an ICS Security Specialist. Since I couldn’t give a clear answer right away, I put some thought into the subject and tried to gain more insights on the most important requirements and potential… Continue reading Becoming an ICS Security Specialist