SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions.


What are you looking for?

>2018 (Page 2)

(SecurityWeek – Joshua Goldfarb) – If you’re like me, you’ve likely sat through some pretty painful conference talks, meetings, industry sessions, or other gatherings over the course of your career. In my experience, these events can generally be broken up into three categories: Those that are good. Those that are so-so. Those that are painful.

While it’s unrealistic to expect every event to be a good one, I don’t think it’s unrealistic to expect them not to be painful. This begs the question:  What makes an event one that is just downright painful?  In my experience, the answer to this question lies in the event organizers and/or presenters not knowing and understanding their audience.

Sometimes, people ask me how they can know what to talk about.  How can they find the topics that interest their audience, regardless of the forum or setting?  How can they come up with content that either resonates with attendees, or is something they can identify with? The answer to these questions is simple: Listen.

More often than not, the information needed to understand an audience and what they might be interested in hearing is there for the taking. Right in front of our eyes. The speaker merely has to be open to and prepared to receive it. So, how can security presenters learn their audiences? I present 5 approaches that I have found helpful in understanding audiences:

Research: There is no substitute for good old-fashioned research. Whether you’re speaking at a conference, presenting in a meeting, working the room at an industry session, or otherwise, researching the audience pays huge dividends.  Is the audience full of security professionals?  Or, are they largely people who perhaps have tangential experience with security?  Or, are they those who are not at all familiar with the security world?  What are their job functions?  What type of industry or industries do they work in?  What countries or geographical areas are they from?  Why are they at this particular event (whatever type of event it may be)?  What motivates the attendees?  What are their goals and priorities?  The list of questions that research can answer goes on and on.  Whatever the questions a presenter settles on are, they help that presenter tremendously when looking to target content, tone, delivery, and message to the audience.

Ask the organizers:  Most event organizers want their speakers and presenters to succeed. After all, the success of an event is directly tied to the quality of its content. True, networking is also important, but with time, good content generally brings the right audience, while poor content generally brings the wrong audience.  Not surprisingly, event organizers are usually quite willing to help presenters understand those who will be in attendance at an event.  In the long run, it benefits everyone. The same goes for meetings as well.  Don’t be afraid to ask your point of contact within an organization who will be in attendance and what they might be interested in hearing.  Chances are that the person who brings you in wants you to succeed.  It makes him or her look good as well.

Discuss with peers:  I’ve always loved the phrase “this isn’t my first rodeo”. If you have a presentation coming up, whatever the forum, chances are that one or more of your peers has some valuable intelligence about it for you.  It’s worth asking around.  You might be surprised at the level of knowledge certain people have regarding a given audience, along with their willingness to share it with you.  Sometimes, the people you work with day in and day out can help you in ways you might not have realized or anticipated.

Ask the audience:  It’s always better to try to know and understand your audience ahead of time, well before you show up.  That allows you to tailor your content to suit their interests.  But what can you do if, for whatever reason, you haven’t been able to gain any helpful insight as to the audience you will encounter?  You can always ask the audience itself.  What do I mean by this?  Make a few bold statements or ask a few questions near the beginning of the talk to see how people react.  Do they answer your questions (perhaps by a show of hands) in a way that helps you understand their backgrounds and interests?  Do their facial expressions or reactions give you some clues as to how they view the world and what they might want to hear about?  If you design the comments or questions properly, you will likely be able to discern quite a few things about the audience’s orientation.

Read the audience: When all else fails, or even if all else succeeds, it’s always a good idea to read the audience. Has everyone taken out their smartphone or opened their laptop?  Are you receiving perplexed or confused looks?  Are people falling asleep?  Does the audience’s body language indicate that they are feeling a certain way that may interfere with them receiving the message you intend to transmit?  Is no one participating or asking questions?  Is no one taking notes? These are just a few of the signs that your content, tone, delivery, or message may not be resonating with or interesting to the audience.  And that means it’s time to adjust. There are few things more painful than watching a speaker lose an audience, no matter the setting.

Cross posted from SecurityWeek

About the Author: Joshua Goldfarb (Twitter: @ananalytical) is an experienced information security leader with broad experience building and running Security Operations Centers (SOCs). Josh is currently Co-Founder and Chief Product Officer at IDRRA and also serves as Security Advisor to ExtraHop. Prior to joining IDRRA, Josh served as VP, CTO – Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

(SecurityWeek - Joshua Goldfarb) - If you’re like me, you’ve likely sat through some pretty painful conference talks, meetings, industry sessions, or other gatherings over the course of your career. In my experience, these events can generally be broken up into three categories: Those that are good. Those that are so-so. Those that are painful. While it’s unrealistic to expect every event to be a good one, I don’t think it’s unrealistic to expect them not to be painful. This begs the

The ICS Security Market is set to grow from its current market value of more than $1.5 billion to over $7 billion by 2024; according to a new research report by Global Market Insights, Inc. The ICS security market growth is attributed to the increasing incidents of cyber-attacks on critical infrastructure industries. Constantly evolving cyber threats, such as ransomware and viruses, can adversely affect production processes in critical infrastructure environments resulting in large-scale financial losses for the companies. The security concerns

(Eduard Kovacs - SecurityWeek) - Siemens recently updated its security bulletin for the Meltdown and Spectre vulnerabilities to inform customers of the latest variants, specifically the ones known as LazyFP and Spectre 1.1. Several industrial control systems (ICS) vendors published security advisories for the CPU flaws shortly after they were disclosed in early January. Siemens published a bulletin on speculative side-channel vulnerabilities on January 11. In late May, the company updated its bulletin to include information about Variant 3a and Variant 4,

(SecurityWeek - Eduard Kovacs) Siemens informed customers on Tuesday that some of its SICLOCK central plant clocks are affected by several vulnerabilities, including ones that have been rated “critical.” Siemens SICLOCK devices are used to synchronize time in industrial plants. The central plant clock ensures stability in case of a failure or loss of reception at the primary time source. According to the German industrial giant, SICLOCK systems are affected by a total of six vulnerabilities. The security holes have been assigned

(SecurityWeek - Eduard Kovacs) - The U.S. House of Representatives on Monday passed a bill aimed at protecting industrial control systems (ICS), particularly ones used in critical infrastructure, against cyberattacks. The legislation, H.R. 5733, formally known as the “DHS Industrial Control Systems Capabilities Enhancement Act,” was introduced on May 9 by Rep. Don Bacon (R-NE) and it was approved by the House Committee on Homeland Security on June 6. The bill was announced a few weeks after the United States officially

(Eduard Kovacs - SecurityWeek) - In April, at SecurityWeek’s ICS Cyber Security Conference in Singapore, industrial cybersecurity firm Applied Risk disclosed the details of a serious denial-of-service (DoS) vulnerability affecting safety controllers from several major vendors. Rockwell Automation is one of those vendors and the company has now released patches for its products. In an advisory published last week, Rockwell Automation informed customers that the flaw impacts Allen-Bradley CompactLogix 5370 and Compact GuardLogix 5370 programmable automation controllers, which are used to control processes

(Eduard Kovacs - SecurityWeek) - The developers of Triton, a recently discovered piece of malware designed to target industrial control systems (ICS), reverse engineered a legitimate file in an effort to understand how the targeted devices work. Triton, also known as Trisis and HatMan, was discovered in August 2017 after a threat group linked by some to Iran used it against a critical infrastructure organization in the Middle East. The malware targets Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers, which

(SecurityWeek - Eduard Kovacs) - A threat actor with ties to hacker groups believed to be operating out of Iran has been targeting the industrial networks of organizations in the Middle East and the United Kingdom. Tracked by industrial cybersecurity firm Dragos as “Chrysene,” the actor has been linked to OilRig and Greenbug, groups that have mainly focused on the Arabian Gulf region and which are believed to have been involved in the Shamoon and Shamoon 2 attacks. According to Dragos, Chrysene

(Kevin Townsend / SecurityWeek) - The Industrial Internet Consortium (IIC) has developed a new IoT Security Maturity Model (SMM), building on its own security framework and reference architecture. This week it has published the first of two papers: IoT Security Maturity Model: Description and Intended Use. This is primarily a high-level overview aimed at the less technical of IoT stakeholders. "This is for the businessmen," Ron Zahavi, chief strategist for IoT standards at Microsoft, told SecurityWeek, "to help them understand what is needed

(Eduard Kovacs - SecurityWeek) Several natural gas pipeline operators in the United States have been affected by a cyberattack that hit a third-party communications system, but the incident does not appear to have impacted operational technology. Energy Transfer Partners was the first pipeline company to report problems with its Electronic Data Interchange (EDI) system due to a cyberattack that targeted Energy Services Group, specifically the company’s Latitude Technologies unit. EDI is a platform used by businesses to exchange documents such as purchase