As part of its activity, the Industrial Cybersecurity Center (CCI) organized the 1st Ibero-American Industrial Cybersecurity as reference event for the Spanish market of Industrial Cybersecurity and as a meeting point for the exchange of knowledge, experiences and relationships of all stakeholders in this area.
This first event will be held in Madrid (Spain) the 2nd and 3rd of October and around it a series of pre and post conference workshops that complement the topics covered will be organized in the same.
During the event they will have first class international speakers who will review the status and experiences developed around the world, from the United States through Ibero-America, Netherlands, Middle East and Japan, among others. Will represent all the actors. Fabricators, cybersecurity, engineering, consultants, integrators, end users and critical infrastructures will meet in Madrid to discuss their different perceptions of reality that today is the Industrial Cybersecurity Center.
The Congress is the best opportunity to learn the art of the discipline of the hand of the international leaders in each of their areas and establish valuable relationships that promote collaboration in various fields at national and international level.
During the conference there will be simultaneous translation service and the content of the congress will be accessible later via exclusive tracks for attendees.
Samuel Linares is Director at Industrial Cybersecurity Center, European Commission Independent Evaluator, ENISA (European Network and Information Security Agency) CIIP Expert and General Manager of M45 Seucurity Team at ICT Cluster of Asturias. With +18 years of security, system integration and multinational and multicultural projects management experience, he has been the main promoter of the “Industrial Cybersecurity” concept in Spanish, being recognized as one of the key Spanish and Latin-american experts in the area and participating as speaker, chairman and teacher in different events all over the world (including Spain, UK, Belgium, Qatar, Mexico or Argentina, among others).
Patrick Miller has dedicated his career to the protection and defense of critical infrastructures as a trusted independent advisor. He is a Partner and Managing Principal at The Anfield Group, as well as the founder, director and president emeritus of EnergySec, a 501(c)(3) nonprofit organization focusing on information sharing, situational awareness and security workforce development. Patrick’s diverse background includes positions with regulatory agencies, private consulting firms as well as organizations in the Energy, Telecommunications and Financial Services verticals
Omar Holds a Bachelor of Science degree in computer engineering with more than 10 years of professional Information security, resiliency experience. Omar is a member of the OWASP foundation leader’s board and a voting member in the IEC/ISA-62443 standard for critical infrastructures resiliency and an international partner in the Industrial Control Systems Joint Working Group (ICSJWC) created by the DHS. He has worked for several multinational firms in the oil and gas sector, Omar is a certified CBCP, CRISC, CEH and ISO27001LA and in his spare time an active blogger in (ciip.wordpress.com) and a regular speaker on information security and CIIP issues, currently he is the ictQATAR/QCERT Head of CIIP participating in assessing the critical infrastructures and in drafting national cyber security laws, standards and guidelines like the National ICS security standard, The first document of its kind in the Middle East. he is also managing the national cyber security drills planned for December 2013 organized by Q-CERT
Auke Huistra is project manager at the National Roadmap for Secure Process Control Systems within TNO (Netherlands Organisation for Applied Scientific Research) and Leader of the Work Stream Workforce Development Framework of the Thematic Group on ICS and Smart Grids of ERNCIP (European Reference Network for CIP). He combines this work with the position of Industrial Cyber Security Workforce Development Lead at a critical infrastructure asset owner. The last years he was in several positions in cybersecurity initiatives in The Netherlands, such as co-author of the 1st National Cyber Security Strategy, project manager of several cyber security scenario’s within the National Security Risk Assessment and project manager at CPNI.NL. He has led the Dutch Cybercrime Information Exchange, that has been transfered to the National Cyber Security Center, for about 7 years. This IE exists today of 12 sectoral ISACs (Information Sharing and Analysis Centers) and has become an active network in which the key players from critical infrastructure asset owners, government, vendors, research institutions and academia exchange information about incidents, threats, vulnerabilities and good practices in a trusted setting. Auke Huistra was amongst others co-chair of the Dutch FI-ISAC, Telecom-ISAC and Multinationals-ISAC. Also he was one of the founders and vice-chairman of the European FI-ISAC. Auke Huistra works in the field of (public) security for more than 18 years now. Before his assignment at CPNI.NL, he was amongst others cluster leader Public Security at a big international consultancy firm and CIO at a regional police force in the Netherlands
Maximillian G. Kon is Engineer in Electronics graduated at University of Buenos Aires, specialized in Telecommunications, Information, Automation and Control Systems for Process Industries. He is currently collaborating with CCI to develop the LATAM section, Director for Development of Sections at ISA (www.isa.org) District 4 (LATAM), member of Cibersecurity Committee at ISA, and founder & owner at WisePlant (www.WisePlant.com). He has also been General Manager at Yokogawa Argentina, Regional Manager at ILA Group (company owned by Ibermatica Group from Spain) among other previous activities
He received Bachelor, Master, and Doctor of Engineering in 1978, 1980, and 1987 respectively all from University of Tokyo. He is now a professor of Electro-Communications through University of Tsukuba and University of Tokyo. He is also President of Control System Security Centre (CSSC) and President of Society of Instrument and Control Engineers (SICE).
Manuel has been member of the ESRAB (European Security Research Advisory Board) created by the EC and founder of the GTS (Security steering working group of the 15 major spanish private companies) and the CECONTEL the spanish consortia for Telco Business Continuity. The spanish Information & Communications Security Journal SIC granted him the professional award of the year in 2004. He is member of the Board of ETIS (www.etis.org), the most active private organization in Europe for Telco Industry and Secretary of the Telefonica’s Corporate Security Committee. Manuel is CISA and CISM
Andrew Ginter is the Vice President of Industrial Security at Waterfall Security Solutions in Calgary, Alberta, Canada. He spent the first part of his career developing control system products for a number of vendors, including Hewlett-Packard and Agilent Technologies. At Industrial Defender, as product architect, CTO and CSO roles, he lead the development of the core industrial security product suite. Andrew holds degrees in Mathematics and Computer Science from the University of Calgary, as well as ISP, ITCP, and CISSP accreditations.
Dipl.-Wirtsch.-Ing. graduated at TH Darmstadt. TÜV certified Safety Engineer. With more than a decade of expertise in product management, business development and strategy within Siemens, he specialized in 2004-2008 in machine safety (functional safety in manufacturing industries) and he was Siemens representative in the AS-Interface Association. From 2010-2012 pioneering in Charging Stations for Electromobility. Siemens representative in the Renault “ZE Ready” manufacturer community. Since 2012 focussing on network technology and industrial security. Speaker on Hanover Fair Industrial IT conference
After receiving his degree in electronics and 11 years of working in a company providing highly specialized electronic products and services, Frans joined Honeywell in 1990 as Project Manager. After successful completion of two large multi-year EPC projects, he worked five-years as Operations Manager in the Honeywell Buildings division. Frans rejoined Honeywell Process Solutions in 2000 to lead the engineering community in Western Europe and started in 2004 the Romania back office to support engineering teams in whole of EMEA. Frans became in 2006 the Country Operations Manager for the Netherlands.
Starting 2009, Frans accepted a business management position to grow and manage the Open Systems Services in EMEA. The various Open Systems Services teams around the world are meanwhile fully integrated into a global Industrial IT Solutions organization and today Honeywell provides globally consistent IT solutions and services for process control networks. Our services include assessments, remediation, managing and assurance tasks and are also referred to as Cyber Security Services. As part of our portfolio we provide various remote services like virus protection, patch management, system monitoring, etc. These remotely delivered services are provided by Honeywell specialists working from one of our Remote Service Centers. Frans is at present the marketing manager for Industrial IT Solutions in EMEA
With over 15 years of cyber security experience, Legelis has sought to empower organizations understand their security risks while offering technology solutions that can help leaders more effectively protect their firms within a dramatically escalating threat environment. Legelis’ cyber security expertise includes work in control systems, healthcare, and financial services sectors. She is currently focused on the security challenges of the energy sector at Industrial Defender, the leader of automation systems security, compliance, and change management solutions for industrial control systems.
Prior to joining Industrial Defender, Legelis lead Marketing at Core Security Technologies, a company that pioneered the automation of security testing and measurement. She has also served as director of Financial Services Solutions at Symantec and managed the international expansion of PKI offerings for CyberTrust.
Legelis holds an MBA and Doctorandas in International Marketing and Finance from The Netherlands School of Business and a BS in Industrial Management and Economics from Carnegie-Mellon University.
Short Bio Pending
Short bio pending
Ricardo is Head of the Prospective Section, Cybersecurty Service in the Spanish National Center for the Protection of Critical. Bachelor’s Degree in Telecommunication Engineering and Master’s Degree in ICT. He has been Lieutenant of Guardia Civil, Criminalistic Service in the Engineering Department and Project Engineer and Project Manager in ICS.
Alfonso Franch Meneu, General Manager of Panda Security Spain, is responsible for creating and executing sales strategies for Panda Security’s corporate business, as well as defining and implementing action plans with the distribution channel.
Alfonso Franch has over 20 years of professional experience in the ICT, Telecommunications and Food sectors, and has occupied senior management positions in companies such as Microsoft, Grupo Franch or Vodafone, where he held several executive positions in partner and distribution channel management from 2009 to 2013.
He is currently the General Manager of Panda Security Spain since April 2013.
Born in Madrid in 1964, Alfonso Franch holds a Bachelor’s Degree in Business Administration, and completed a Program for Management Development at IESE Business School and a Program for Senior Management at Instituto Internacional San Telmo (Seville, Spain).
Short bio pending
Jose Luis Laguna works as Pre-sales Engineer at Fortinet for last year, leading projects and initiatives related to Industrial Cybersecurity. Previously acting as CISO in Técnicas Reunidas, Industrial Engineering leader in Spain. As ISO 27001 Lead Auditor by BSI, implemented and certified Técnicas Reunidas ISMS in 2011. He has over 20 years of experience in network design, open systems, storage systems, IP Telephony and IT Security
Founding member and Secretary of the Association Profibus – Profinet Spain and Director of the Profibus Profinet Competence Center in Spain, member of the Board of Directors of Logitek, SA, advisor for PLC-PROG European Consortium for the design and development of a universal programming software for PLCs and SCADA and Marketing & Strategic Business Director. Consultant Automation Systems, SCADA industrial communications, and M2M, especially in the sectors of Water and Energy. Having attended several courses in management skills and ESADE EADA, Cyber Security for Automation, Control and SCADA Systems ISA99, telemetry Communications Training (DNP3, IEC60870) or Industrial communications (Profibus / Profinet), among others
Samuel Linares is Director at Industrial Cybersecurity Center, European Commission Independent Evaluator, ENISA (European Network and Information Security Agency) CIIP Expert and General Manager of M45 Seucurity Team at ICT Cluster of Asturias. With +18 years of security, system integration and multinational and multicultural projects management experience, he has been the main promoter of the “Industrial Cybersecurity” concept in Spanish, being recognized as one of the key Spanish and Latin-american experts in the area and participating as speaker, chairman and teacher in different events all over the world (including Spain, UK, Belgium, Qatar, Mexico or Argentina, among others).
Short bio pending
In a career that stretches back to the early days of the company, Andrey worked as a senior software engineer and architect before moving to the strategic marketing department as a product strategy manager. Prior to his present role, Andrey headed the Cloud and Content Technologies Research and Development Department. Before he joined Kaspersky Lab, Andrey already had several years of experience developing his own antivirus programs Andrey has a degree from the Baltic State Technical University in St. Petersburg and received his MBA from the London Business School.
As a 19 years of experienced information security practitioner, Javier has been leading different departments at several Spanish security services providers, heading the Business Development Management at GMV, Unitronics and SIA, performing strategic security analysis at CERN and spreading security knowledge at Universidad Camilo José Cela in Madrid. Javier is BsC in Computer Science by Universidad Politécnica de Madrid and Private Security Director by UNED and currently he is defining and leading GMV business development strategy regarding CIIP and IACS Cybersecurity.
Mr. Jairo Alonso is both a Computer Engineering and an Electronic Engineer by the University of León and the University of Valladolid. He has previous experience working in a Spanish energy company. Currently he is part of S21sec’s SCADA and Smart Grid security research group. Moreover, he has field experience as PLC/RTU programmer (Siemens S7, Schneider/Modicon, etc.) and as a PKI expert
Founding member and Secretary of the Association Profibus – Profinet Spain and Director of the Profibus Profinet Competence Center in Spain, member of the Board of Directors of Logitek, SA, advisor for PLC-PROG European Consortium for the design and development of a universal programming software for PLCs and SCADA and Marketing & Strategic Business Director. Consultant Automation Systems, SCADA industrial communications, and M2M, especially in the sectors of Water and Energy. Having attended several courses in management skills and ESADE EADA, Cyber Security for Automation, Control and SCADA Systems ISA99, telemetry Communications Training (DNP3, IEC60870) or Industrial communications (Profibus / Profinet), among others
Manuel has been member of the ESRAB (European Security Research Advisory Board) created by the EC and founder of the GTS (Security steering working group of the 15 major spanish private companies) and the CECONTEL the spanish consortia for Telco Business Continuity. The spanish Information & Communications Security Journal SIC granted him the professional award of the year in 2004. He is member of the Board of ETIS (www.etis.org), the most active private organization in Europe for Telco Industry and Secretary of the Telefonica’s Corporate Security Committee. Manuel is CISA and CISM.
With more than 25 years of experience in the field of industrial automation, Fernando Conde is an specialist in control systems design and industrial networks (PLCs, HMIs, PCs and different fieldbuses.) He is currently the Technical Director of the Profibus and Profinet International Competence in Spain with a degree of Engineer and Trainer Certified by the International Association. He has several certifications in Wonderware SCADA solutions
Iñaki Eguia leads CyberSecurity team in IT-Competitiveness unit in Tecnalia. He has participated in several European projects related to security, web infrastructures, embedded systems and networks heterogeneity. He has coordinated ARCADIA FP7 funded project related to embedded systems and CIPS RISC Porject. He is member of NIS and Artemis. He is also the responsible of International Innovation Unit of Prometeo that aims to push enterprises to do an international R&D. He obtained his degree in Computer Science from Deusto University and Lund University (Sweden 2001) and his degree in Industrial engineering at Deusto University (2006). He currently participates in a number of European Security R&D projects for large industries, such as nSHIELD, pSHIELD, ARCADIA, Internet of Energy and Chiron. Iñaki Eguia is professor in the University of Deusto for security engineering master course
Alfonso Franch Meneu, General Manager of Panda Security Spain, is responsible for creating and executing sales strategies for Panda Security’s corporate business, as well as defining and implementing action plans with the distribution channel.
Alfonso Franch has over 20 years of professional experience in the ICT, Telecommunications and Food sectors, and has occupied senior management positions in companies such as Microsoft, Grupo Franch or Vodafone, where he held several executive positions in partner and distribution channel management from 2009 to 2013.
He is currently the General Manager of Panda Security Spain since April 2013.
Born in Madrid in 1964, Alfonso Franch holds a Bachelor’s Degree in Business Administration, and completed a Program for Management Development at IESE Business School and a Program for Senior Management at Instituto Internacional San Telmo (Seville, Spain).
Arkaitz Gamino belongs to Research and Development Area at TECNALIA. He has participated in several European projects related to industrial security, convergence of cyber & physical systems, web infrastructures and embedded systems. He works in several projects related to IT Security, including data protection legislation which affects Spanish undertakings is the personal data protection act (15/1999 – Ley Orgánica 15/1999 de Datos de Carácter Personal – LOPD) and it’s implementing regulations. Also, he works in certification of the security measures laid down by gambling law (Ley 4/1988, de 3 de junio and Ley 4/1991, de 8 de noviembre). He obtained his degree in Computer Science from University of Deusto and he obtained his postgraduate in Cybersecurity from University of Deusto. He holds CISA (Certified Information Systems Auditor) certification in 2009 from ISACA/F – Information Systems Audit and Control Association / Foundation and he is member of CENELEC
Andrew Ginter is the Vice President of Industrial Security at Waterfall Security Solutions in Calgary, Alberta, Canada. He spent the first part of his career developing control system products for a number of vendors, including Hewlett-Packard and Agilent Technologies. At Industrial Defender, as product architect, CTO and CSO roles, he lead the development of the core industrial security product suite. Andrew holds degrees in Mathematics and Computer Science from the University of Calgary, as well as ISP, ITCP, and CISSP accreditations.
Auke Huistra is project manager at the National Roadmap for Secure Process Control Systems within TNO (Netherlands Organisation for Applied Scientific Research) and Leader of the Work Stream Workforce Development Framework of the Thematic Group on ICS and Smart Grids of ERNCIP (European Reference Network for CIP). He combines this work with the position of Industrial Cyber Security Workforce Development Lead at a critical infrastructure asset owner. The last years he was in several positions in cybersecurity initiatives in The Netherlands, such as co-author of the 1st National Cyber Security Strategy, project manager of several cyber security scenario’s within the National Security Risk Assessment and project manager at CPNI.NL. He has led the Dutch Cybercrime Information Exchange, that has been transfered to the National Cyber Security Center, for about 7 years. This IE exists today of 12 sectoral ISACs (Information Sharing and Analysis Centers) and has become an active network in which the key players from critical infrastructure asset owners, government, vendors, research institutions and academia exchange information about incidents, threats, vulnerabilities and good practices in a trusted setting. Auke Huistra was amongst others co-chair of the Dutch FI-ISAC, Telecom-ISAC and Multinationals-ISAC. Also he was one of the founders and vice-chairman of the European FI-ISAC. Auke Huistra works in the field of (public) security for more than 18 years now. Before his assignment at CPNI.NL, he was amongst others cluster leader Public Security at a big international consultancy firm and CIO at a regional police force in the Netherlands
Maximillian G. Kon is Engineer in Electronics graduated at University of Buenos Aires, specialized in Telecommunications, Information, Automation and Control Systems for Process Industries. He is currently collaborating with CCI to develop the LATAM section, Director for Development of Sections at ISA (www.isa.org) District 4 (LATAM), member of Cibersecurity Committee at ISA, and founder & owner at WisePlant (www.WisePlant.com). He has also been General Manager at Yokogawa Argentina, Regional Manager at ILA Group (company owned by Ibermatica Group from Spain) among other previous activities
Dipl.-Wirtsch.-Ing. graduated at TH Darmstadt. TÜV certified Safety Engineer. With more than a decade of expertise in product management, business development and strategy within Siemens, he specialized in 2004-2008 in machine safety (functional safety in manufacturing industries) and he was Siemens representative in the AS-Interface Association. From 2010-2012 pioneering in Charging Stations for Electromobility. Siemens representative in the Renault “ZE Ready” manufacturer community. Since 2012 focussing on network technology and industrial security. Speaker on Hanover Fair Industrial IT conference.
Jose Luis Laguna works as Pre-sales Engineer at Fortinet for last year, leading projects and initiatives related to Industrial Cybersecurity. Previously acting as CISO in Técnicas Reunidas, Industrial Engineering leader in Spain. As ISO 27001 Lead Auditor by BSI, implemented and certified Técnicas Reunidas ISMS in 2011. He has over 20 years of experience in network design, open systems, storage systems, IP Telephony and IT Security
Javier holds a Physics Degree (electronics and computer science, Basque Country University, Bilbao, 1982) and has over 30 years experience as Entrepreneur and senior consultant in Business development, R&D and ITC. He managed many institutional programmes in Spain for sectoral Associations to promote innovation and technology development. He deployed innovative training programmes for SME, including the development of websites and multimedia training materials, also to improve the industrial safety (energy and manufacturing sectors). He has been fully involved in the launching of R&D Support Services to encourage Enterprise R&D activity and increase SME participation in public-funded programmes. In 2008 he joined TECNALIA to manage the Technical Secretary of the Spanish Technology Platform on Industrial Safety (PESI) and became Secretary General in 2012. Since March 2011 he is an elected member of the Executrive Board at the European Platform (ETPIS).
With over 15 years of cyber security experience, Legelis has sought to empower organizations understand their security risks while offering technology solutions that can help leaders more effectively protect their firms within a dramatically escalating threat environment. Legelis’ cyber security expertise includes work in control systems, healthcare, and financial services sectors. She is currently focused on the security challenges of the energy sector at Industrial Defender, the leader of automation systems security, compliance, and change management solutions for industrial control systems.
Prior to joining Industrial Defender, Legelis lead Marketing at Core Security Technologies, a company that pioneered the automation of security testing and measurement. She has also served as director of Financial Services Solutions at Symantec and managed the international expansion of PKI offerings for CyberTrust.
Legelis holds an MBA and Doctorandas in International Marketing and Finance from The Netherlands School of Business and a BS in Industrial Management and Economics from Carnegie-Mellon University.
Samuel Linares is Director at Industrial Cybersecurity Center, European Commission Independent Evaluator, ENISA (European Network and Information Security Agency) CIIP Expert and General Manager of M45 Seucurity Team at ICT Cluster of Asturias. With +18 years of security, system integration and multinational and multicultural projects management experience, he has been the main promoter of the “Industrial Cybersecurity” concept in Spanish, being recognized as one of the key Spanish and Latin-american experts in the area and participating as speaker, chairman and teacher in different events all over the world (including Spain, UK, Belgium, Qatar, Mexico or Argentina, among others).
He holds various cybersecurity certifications including CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in Governance of Enterprise IT), CISM (Certified Information Security Manager), CISA (Certified Information Security Auditor), CISSP (Certified Information Systems Security Professional), GIAC Assessing Wireless Networks (GAWN), Systems and Network Auditor (GSNA), and Google Hacking & Defense (SSP-GHD), BSI BS 25999 & BS 7799 Lead Auditor (since 2002), and several additional vendor specific technical certifications. He holds a B.S. in Computer Science from the Univ. de Oviedo and is University Specialist in Data Protection by the Colegio Universitario Escorial Maria Cristina.
Samuel can be followed usually by his Blog (http://blog.infosecman.com) and his twitter @infosecmanblog
(Short Bio Pending)
Short Bio pending
Patrick Miller provides services as an independent security and regulatory advisor for the Critical Infrastructure sectors as an independent contractor and through his role as Partner and Managing Principal of the Anfield Group.
Patrick specializes in consulting and advisory services specific to the critical infrastructure security and regulatory guidance in areas such as strategic executive advisory, regulatory and legislative landscape, NERC Critical Infrastructure Protection (CIP) audit preparation, gap analysis, self-certification, compliance support, program implementation, training and technical remediation. Other areas of subject matter expertise include the Department of Energy (DOE) Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2) and the Risk Management Process (RMP), the National Institute of Standards and Technology Cybersecurity Framework (NISTCSF), the Obama Executive Order on Cybersecurity and the Presidential Policy Directive 21 – Critical Infrastructure Security and Resilience.
Mr. Miller is also the Founder, Director, President Emeritus of Energy Sector Security Consortium, Inc. (EnergySec), a 501(c)(3) nonprofit organization. Since 2001, EnergySec has supported security and operations professionals within the Energy industry. Patrick accepted the position as President and CEO of EnergySec and Principal Investigator for the National Electric Sector Cybersecurity Organization (NESCO) in late 2010. Patrick currently holds a seat on the Executive Committee of the NESCO Advisory Board and is the EnergySec liaison to the North American Energy CISO Forum.
Prior to EnergySec, Mr. Miller was director, NERC CIP compliance consulting practice at ICF International. Preceding ICF, Patrick was manager of critical infrastructure protection (CIP) audits and investigations for the Western Electricity Coordinating Council (WECC) Regional Entity under the North American Electric Reliability Corporation (NERC) in their capacity as the Electric Reliability Organization delegated by the Federal Energy Regulatory Commission (FERC). Before joining WECC, Mr. Miller held the position of senior information security consultant for PacifiCorp in Portland, OR, where he was responsible for both information technology and industrial control system security consulting as well as regulatory compliance. Mr. Miller was also principal security consultant for Breakwater Security Associates where he developed and managed the energy and utility security consulting practice.
Among other certifications, Mr. Miller holds the Certified Information Systems Auditor and Certified Information Systems Security Professional certificates with a concentration in information systems security architecture. He is a recognized public speaker on the subjects of critical infrastructure protection, process control system security, regulatory compliance, audit, and privacy.
Mr. Miller provides regular advice and briefings to congressional staff and other government agencies (US and international). He is an active volunteer and member of several critical infrastructure security working groups. Patrick has been recognized with a number of professional awards for his successful work in building information sharing functions and cybersecurity programs. In addition to his energy sector experience, Mr. Miller also held key positions in the insurance, Internet and telecommunications verticals.
Ricardo is Head of the Prospective Section, Cybersecurty Service in the Spanish National Center for the Protection of Critical. Bachelor’s Degree in Telecommunication Engineering and Master’s Degree in ICT. He has been Lieutenant of Guardia Civil, Criminalistic Service in the Engineering Department and Project Engineer and Project Manager in ICS.
In a career that stretches back to the early days of the company, Andrey worked as a senior software engineer and architect before moving to the strategic marketing department as a product strategy manager. Prior to his present role, Andrey headed the Cloud and Content Technologies Research and Development Department. Before he joined Kaspersky Lab, Andrey already had several years of experience developing his own antivirus programs. Andrey has a degree from the Baltic State Technical University in St. Petersburg and received his MBA from the London Business School.
Ignacio Paredes has a M.S. in Computer Science and works as manager of Studies and Research at the Industrial Cybersecurity Center. Since 1999 he has been involved in different projects related to information security for important enterprises mainly from the telecommunications field. He is an expert in the design and deployment of technical and administrative security solutions, including topics such as applications security, secure network design, critical infrastructure protection, ethical hacking, business continuity planning, implementation of ISO/27001 based ISMSs and risk assessment and management.
Among others he holds the following professional certifications: ISACA: CRISC, CISM, CISA; (ISC)2 Certified Information Systems Security Professional (CISSP); PMI Project Management Professional (PMP), GIAC Systems and Network Auditor (GSNA); GIAC Assessing Wireless Networks (GAWN); BS 7799 Lead Auditor by BSI (British Standards Institution); EC-Council Certified Ethical Hacker (CeH); Optenet Certified Systems Engineer (OCSE); Sun SCNA and Sun SCSA.
(Short Bio Pending)
Miguel has been a director of the IT ERS since 2011. In the course of his professional career he has participated in and coordinated integrated security strategic plans definition, digital identity, information security policies and definition and implementing security operation centers.
He is currently the responsible in Spain for developing security services related to Cyber-security, Integrated Security and Critical Infrastructure Protection. Professor in post grades related to security management and co-director in the Master in Information Security Management (Universidad Politécnica de Madrid). Besides, Miguel is director in Spanish Cyber-security Institute.
Rafael Rodriguez de Cora has B.S. degree in computer science from the Universidad de Chile. This degree was subsequently recognized by the Spanish Education Ministry.
He has been an independent consultant working with various public and private organizations in Consulting, Information System Audits and Training.
In addition Rafael has worked with such international firms as Arthur Andersen & Co., and Price Waterhouse. He has founded and been partner of national firms to include Penta Consultores, S.A. and Aroc Consultores, S.A.
Rafael has extensive training experience and was the OEI technical adviser for the III Iberoamerican Conference of Education Ministers.
Currently, Rafael is the founder and principle of Computer Aided Logistics, S.L. (CALS) and Computer Aided GRC, S.L. (CAGRC).
Simon Roses holds a B.S. from Suffolk University (Boston), Postgraduate in E-Commerce from Harvard University (Boston) and Executive MBA from IE Business School (IE, Madrid). Currently is the CEO at VULNEX, driving security innovation. Former Microsoft, PriceWaterhouseCoopers and @Stake.
Simon has authored and cooperated in several security Open Source projects like OWASP Pantera and LibExploit. He has also published security advisories in commercial products. He was awarded a DARPA Cyber Fast Track (CFT) grant to research on software security. Frequent speaker at security industry events including BLACK HAT, RSA, OWASP, AppSec, SOURCE, DeepSec and Microsoft Security Technets. CISSP, CEH & CSSLP. Blog: www.simonroses.com
Fernando Sevillano has a Business Administration Bachelor done in Complutense University (Madrid 1995), a Master Degree in Marketing and Business Communication Management and Research done in Rey Juan Carlos University (Madrid 2008) and he is Ph.D. at the Computing Department, Universidad Rey Juan Carlos University (Madrid 2006-2010) developing his Thesis: “A model for Real Time Enterprise strategies implementation in business environments”. With over 17 years of experience, his professional career has developed in the IT sector, particularly in the area of enterprise management solutions (ERP, BI, CRM) and industrial management (SCADA and MES). In parallel he is actively involved in research work in the area of business + computer within GAAP group at the Universidad Rey Juan Carlos, with whom has published about 5 international and 10 national papers in the field of security and distributed systems (cluster , grid, cloud computing …).
Omar Holds a Bachelor of Science degree in computer engineering with more than 10 years of professional Information security, resiliency experience. Omar is a member of the OWASP foundation leader’s board and a voting member in the IEC/ISA-62443 standard for critical infrastructures resiliency and an international partner in the Industrial Control Systems Joint Working Group (ICSJWC) created by the DHS. He has worked for several multinational firms in the oil and gas sector, Omar is a certified CBCP, CRISC, CEH and ISO27001LA and in his spare time an active blogger in (ciip.wordpress.com) and a regular speaker on information security and CIIP issues, currently he is the ictQATAR/QCERT Head of CIIP participating in assessing the critical infrastructures and in drafting national cyber security laws, standards and guidelines like the National ICS security standard, The first document of its kind in the Middle East. he is also managing the national cyber security drills planned for December 2013 organized by Q-CERT
He received Bachelor, Master, and Doctor of Engineering in 1978, 1980, and 1987 respectively all from University of Tokyo. He is now a professor of Electro-Communications through University of Tsukuba and University of Tokyo. He is also President of Control System Security Centre (CSSC) and President of Society of Instrument and Control Engineers (SICE).
After receiving his degree in electronics and 11 years of working in a company providing highly specialized electronic products and services, Frans joined Honeywell in 1990 as Project Manager. After successful completion of two large multi-year EPC projects, he worked five-years as Operations Manager in the Honeywell Buildings division. Frans rejoined Honeywell Process Solutions in 2000 to lead the engineering community in Western Europe and started in 2004 the Romania back office to support engineering teams in whole of EMEA. Frans became in 2006 the Country Operations Manager for the Netherlands.
Starting 2009, Frans accepted a business management position to grow and manage the Open Systems Services in EMEA. The various Open Systems Services teams around the world are meanwhile fully integrated into a global Industrial IT Solutions organization and today Honeywell provides globally consistent IT solutions and services for process control networks. Our services include assessments, remediation, managing and assurance tasks and are also referred to as Cyber Security Services. As part of our portfolio we provide various remote services like virus protection, patch management, system monitoring, etc. These remotely delivered services are provided by Honeywell specialists working from one of our Remote Service Centers. Frans is at present the marketing manager for Industrial IT Solutions in EMEA
Short bio pending
As a 19 years of experienced information security practitioner, Javier has been leading different departments at several Spanish security services providers, heading the Business Development Management at GMV, Unitronics and SIA, performing strategic security analysis at CERN and spreading security knowledge at Universidad Camilo José Cela in Madrid. Javier is BsC in Computer Science by Universidad Politécnica de Madrid and Private Security Director by UNED and currently he is defining and leading GMV business development strategy regarding CIIP and IACS Cybersecurity.
9:00 to 13:00h: Advanced Industrial Cybersecurity Workshop (english)
Recently, Patrick Miller surveyed the top global Industrial Cybersecurity experts asking them to identify the most concerning Industrial Cybersecurity challenges. The results are in and the problems need solutions. Join your colleagues and peers in this collaborative workshop to discuss the most effective measures to overcome these difficult obstacles.
With all the hype around SCADA and Industrial Control System cybersecurity, it’s hard to tell what’s true and what isn’t. Understanding the real threats, vulnerabilities and impacts to these critical systems is a significant challenge. Discerning practical and cost-effective strategies to mitigate the risks can be equally difficult. The unique security approaches required for Industrial Control Systems are not fully understood by many. In this session, you will also hear some of the successes and failures related to technology, process and governance, along with some possible approaches to navigate the difficult road ahead
COST: 300€
Patrick Miller ( President Emeritus EnergySec, Partner and Managing Principal, The Anfield Group, EnergySec )
Patrick Miller provides services as an independent security and regulatory advisor for the Critical Infrastructure sectors as an independent contractor and through his role as Partner and Managing Principal of the Anfield Group.
Patrick specializes in consulting and advisory services specific to the critical infrastructure security and regulatory guidance in areas such as strategic executive advisory, regulatory and legislative landscape, NERC Critical Infrastructure Protection (CIP) audit preparation, gap analysis, self-certification, compliance support, program implementation, training and technical remediation. Other areas of subject matter expertise include the Department of Energy (DOE) Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2) and the Risk Management Process (RMP), the National Institute of Standards and Technology Cybersecurity Framework (NISTCSF), the Obama Executive Order on Cybersecurity and the Presidential Policy Directive 21 – Critical Infrastructure Security and Resilience.
Mr. Miller is also the Founder, Director, President Emeritus of Energy Sector Security Consortium, Inc. (EnergySec), a 501(c)(3) nonprofit organization. Since 2001, EnergySec has supported security and operations professionals within the Energy industry. Patrick accepted the position as President and CEO of EnergySec and Principal Investigator for the National Electric Sector Cybersecurity Organization (NESCO) in late 2010. Patrick currently holds a seat on the Executive Committee of the NESCO Advisory Board and is the EnergySec liaison to the North American Energy CISO Forum.
Prior to EnergySec, Mr. Miller was director, NERC CIP compliance consulting practice at ICF International. Preceding ICF, Patrick was manager of critical infrastructure protection (CIP) audits and investigations for the Western Electricity Coordinating Council (WECC) Regional Entity under the North American Electric Reliability Corporation (NERC) in their capacity as the Electric Reliability Organization delegated by the Federal Energy Regulatory Commission (FERC). Before joining WECC, Mr. Miller held the position of senior information security consultant for PacifiCorp in Portland, OR, where he was responsible for both information technology and industrial control system security consulting as well as regulatory compliance. Mr. Miller was also principal security consultant for Breakwater Security Associates where he developed and managed the energy and utility security consulting practice.
Among other certifications, Mr. Miller holds the Certified Information Systems Auditor and Certified Information Systems Security Professional certificates with a concentration in information systems security architecture. He is a recognized public speaker on the subjects of critical infrastructure protection, process control system security, regulatory compliance, audit, and privacy.
Mr. Miller provides regular advice and briefings to congressional staff and other government agencies (US and international). He is an active volunteer and member of several critical infrastructure security working groups. Patrick has been recognized with a number of professional awards for his successful work in building information sharing functions and cybersecurity programs. In addition to his energy sector experience, Mr. Miller also held key positions in the insurance, Internet and telecommunications verticals.
15:30h to 18:30h: R+D+i on Industrial Cybersecurity: Horizon 2020 (spanish)
This workshop will cover the different strategies and lines of activitiy that the European Commission is developing in the area of Industrial Cybersecurity R+D+i. Topics like Smart Grid Security, Smart Cities, industrial control systems cybercrime or safe infrastructures will be presented and discussed as well as how the new Horizon 2020 work programme is addressing these great challenges.
Indications about building a successful proposal, quality of consortiums, different existing players analysis and step by step instructions will be presented in the workshop.
Finally, knowing the evaluation process and how the evaluators work when our proposal come to the commission is very valuable, so a presentation from the real experience of an evaluator will be included.
General Contents:
COST: 100€
Javier Larrañeta ( General Secretary, Industrial Safety Spanish Platform (PESI) )
Javier holds a Physics Degree (electronics and computer science, Basque Country University, Bilbao, 1982) and has over 30 years experience as Entrepreneur and senior consultant in Business development, R&D and ITC. He managed many institutional programmes in Spain for sectoral Associations to promote innovation and technology development. He deployed innovative training programmes for SME, including the development of websites and multimedia training materials, also to improve the industrial safety (energy and manufacturing sectors). He has been fully involved in the launching of R&D Support Services to encourage Enterprise R&D activity and increase SME participation in public-funded programmes. In 2008 he joined TECNALIA to manage the Technical Secretary of the Spanish Technology Platform on Industrial Safety (PESI) and became Secretary General in 2012. Since March 2011 he is an elected member of the Executrive Board at the European Platform (ETPIS).
Samuel Linares ( Director, Industrial Cybersecurity Center )
Samuel Linares is Director at Industrial Cybersecurity Center, European Commission Independent Evaluator, ENISA (European Network and Information Security Agency) CIIP Expert and General Manager of M45 Seucurity Team at ICT Cluster of Asturias. With +18 years of security, system integration and multinational and multicultural projects management experience, he has been the main promoter of the “Industrial Cybersecurity” concept in Spanish, being recognized as one of the key Spanish and Latin-american experts in the area and participating as speaker, chairman and teacher in different events all over the world (including Spain, UK, Belgium, Qatar, Mexico or Argentina, among others).
He holds various cybersecurity certifications including CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in Governance of Enterprise IT), CISM (Certified Information Security Manager), CISA (Certified Information Security Auditor), CISSP (Certified Information Systems Security Professional), GIAC Assessing Wireless Networks (GAWN), Systems and Network Auditor (GSNA), and Google Hacking & Defense (SSP-GHD), BSI BS 25999 & BS 7799 Lead Auditor (since 2002), and several additional vendor specific technical certifications. He holds a B.S. in Computer Science from the Univ. de Oviedo and is University Specialist in Data Protection by the Colegio Universitario Escorial Maria Cristina.
Samuel can be followed usually by his Blog (http://blog.infosecman.com) and his twitter @infosecmanblog
15:30h to 17:30h: ICS Software on mobile devices: Threats & Defenses
ICS solutions are being rapidly deployed to mobile devices so operators can manage their infrastructure anytime from anywhere. However this flexibility comes with a price: security & privacy concerns.
This workshop covers current threats & defenses to ICS solutions on the mobile space: Android and iOS (iPhone/iPad), what the risks are and how to protect against them.
If your organization is deploying ICS solutions or thinking about it, come and learn how to protect your systems and mobile devices.
Covered topics:
COST: 100€
Simón Roses Femerling ( CEO, VULNEX )
Simon Roses holds a B.S. from Suffolk University (Boston), Postgraduate in E-Commerce from Harvard University (Boston) and Executive MBA from IE Business School (IE, Madrid). Currently is the CEO at VULNEX, driving security innovation. Former Microsoft, PriceWaterhouseCoopers and @Stake.
Simon has authored and cooperated in several security Open Source projects like OWASP Pantera and LibExploit. He has also published security advisories in commercial products. He was awarded a DARPA Cyber Fast Track (CFT) grant to research on software security. Frequent speaker at security industry events including BLACK HAT, RSA, OWASP, AppSec, SOURCE, DeepSec and Microsoft Security Technets. CISSP, CEH & CSSLP. Blog: www.simonroses.com.
9:00 to 13:00h: Introduction to Smart Grid Security (spanish)
In recent years the power grid has evolved to become the new Smart Grid, a new network that aims to be more efficient and environmentally friendly. One of the most influential changes in these new networks have been installing smart meters and remote management, for which it has been necessary to connect the various components of the grid to telecommunications networks. The future mass deployment of new smart meters and its connection to the telecommunications network opens up new attack vectors to attackers. This training course is intended to give an overview of security in Smart Grids, discussing the problem of security in the field of low voltage and medium voltage.
General Content:
COST: 250€
Jairo Alonso Ortiz ( SCADA and Smart Grid Security Researcher, S21sec )
Mr. Jairo Alonso is both a Computer Engineering and an Electronic Engineer by the University of León and the University of Valladolid. He has previous experience working in a Spanish energy company. Currently he is part of S21sec’s SCADA and Smart Grid security research group. Moreover, he has field experience as PLC/RTU programmer (Siemens S7, Schneider/Modicon, etc.) and as a PKI expert
Iñaki Eguía Elejabarrieta ( Industrial Cybersecurity Researcher, Tecnalia )
Iñaki Eguia leads CyberSecurity team in IT-Competitiveness unit in Tecnalia. He has participated in several European projects related to security, web infrastructures, embedded systems and networks heterogeneity. He has coordinated ARCADIA FP7 funded project related to embedded systems and CIPS RISC Porject. He is member of NIS and Artemis. He is also the responsible of International Innovation Unit of Prometeo that aims to push enterprises to do an international R&D. He obtained his degree in Computer Science from Deusto University and Lund University (Sweden 2001) and his degree in Industrial engineering at Deusto University (2006). He currently participates in a number of European Security R&D projects for large industries, such as nSHIELD, pSHIELD, ARCADIA, Internet of Energy and Chiron. Iñaki Eguia is professor in the University of Deusto for security engineering master course
Arkaitz Gamino ( Industrial Cybersecurity Researcher, Tecnalia )
Arkaitz Gamino belongs to Research and Development Area at TECNALIA. He has participated in several European projects related to industrial security, convergence of cyber & physical systems, web infrastructures and embedded systems. He works in several projects related to IT Security, including data protection legislation which affects Spanish undertakings is the personal data protection act (15/1999 – Ley Orgánica 15/1999 de Datos de Carácter Personal – LOPD) and it’s implementing regulations. Also, he works in certification of the security measures laid down by gambling law (Ley 4/1988, de 3 de junio and Ley 4/1991, de 8 de noviembre). He obtained his degree in Computer Science from University of Deusto and he obtained his postgraduate in Cybersecurity from University of Deusto. He holds CISA (Certified Information Systems Auditor) certification in 2009 from ISACA/F – Information Systems Audit and Control Association / Foundation and he is member of CENELEC
9:00 to 13:00h: Supply Chain Cybersecurity (spanish)
All the companies in the industrial sector, manufacturers, system integrators, contractors, subcontractors, etc., depend on logistics operators and are integrated into the supply chain. The logistics operators have identified up to the present time security with the protection of assets and physical structures. It is the time to incorporate cyber security in business processes as an intermediate step towards the concept of Integral Security.
This workshop identifies threats and risks along the supply chain and the direct and indirect impacts on our company or on our clients, if through our processes or infrastructures we create a problem for them or at the other hand, we are affected by security breaches from our suppliers. If this scenario has not even been raised or if you are aware of the situation of risk and are looking for the opinion of experts, please attend this workshop and obtain information to support your decisions
COST: 100€
Miguel Rego ( Director IT ERS, Deloitte )
Miguel has been a director of the IT ERS since 2011. In the course of his professional career he has participated in and coordinated integrated security strategic plans definition, digital identity, information security policies and definition and implementing security operation centers.
He is currently the responsible in Spain for developing security services related to Cyber-security, Integrated Security and Critical Infrastructure Protection. Professor in post grades related to security management and co-director in the Master in Information Security Management (Universidad Politécnica de Madrid). Besides, Miguel is director in Spanish Cyber-security Institute.
Rafael Rodríguez de Cora ( Founder and Principle, Computer Aided Logistics (CALS) )
Rafael Rodriguez de Cora has B.S. degree in computer science from the Universidad de Chile. This degree was subsequently recognized by the Spanish Education Ministry.
He has been an independent consultant working with various public and private organizations in Consulting, Information System Audits and Training.
In addition Rafael has worked with such international firms as Arthur Andersen & Co., and Price Waterhouse. He has founded and been partner of national firms to include Penta Consultores, S.A. and Aroc Consultores, S.A.
Rafael has extensive training experience and was the OEI technical adviser for the III Iberoamerican Conference of Education Ministers.
Currently, Rafael is the founder and principle of Computer Aided Logistics, S.L. (CALS) and Computer Aided GRC, S.L. (CAGRC)
15:00h to 19:00h: Introduction to Industrial Control Systems for IT professionals (spanish)
Although the Industrial Control Systems (OT) over the last years are applying COTS systems to operate, there are still major differences with IT systems (the foremost importance of the availability, performance and reliability requirements, Operating System settings and applications, architectures, etc..), so that countermeasures used in traditional IT systems may be inappropriate for an OT system. This workshop will introduce the participants to an industrial control system and its various components, including instrumentation and sensors, control devices (PLCs, RTUs, DCS …), control networks specific industrial protocols (OPC, DNP3, Profibus, etc …), SCADA systems, historians and MES systems according to levels 0-3 of the ISA. Also we will go into aspects of cybersecurity and how these OT devices are tailored to the needs of security and high availability. For the workshop will use industrial control equipment and real networks
COST: 200€
Fernando Conde ( Technical Director of the Profibus and Profinet International Competence, Logitek )
With more than 25 years of experience in the field of industrial automation, Fernando Conde is an specialist in control systems design and industrial networks (PLCs, HMIs, PCs and different fieldbuses.) He is currently the Technical Director of the Profibus and Profinet International Competence in Spain with a degree of Engineer and Trainer Certified by the International Association. He has several certifications in Wonderware SCADA solutions
15:00h to 19:00h: Introduction to Cybersecurity for Automation and Instrumentation professionals
The purpose of this workshop is to prepare the staff responsible of control and automation systems for facing the challenges posed by the application of new information and communication technologies to industrial facilities. During the workshop, key issues will be discussed such as why we have reached this situation, how to solve the emerged problems and mitigate the impact of potential incidents and available tools for helping in this task
COST: 200€
Ignacio Paredes ( Studies and Research Manager, Industrial Cybersecurity Congress )
Ignacio Paredes has a M.S. in Computer Science and works as manager of Studies and Research at the Industrial Cybersecurity Center. Since 1999 he has been involved in different projects related to information security for important enterprises mainly from the telecommunications field. He is an expert in the design and deployment of technical and administrative security solutions, including topics such as applications security, secure network design, critical infrastructure protection, ethical hacking, business continuity planning, implementation of ISO/27001 based ISMSs and risk assessment and management.
Among others he holds the following professional certifications: ISACA: CRISC, CISM, CISA; (ISC)2 Certified Information Systems Security Professional (CISSP); PMI Project Management Professional (PMP), GIAC Systems and Network Auditor (GSNA); GIAC Assessing Wireless Networks (GAWN); BS 7799 Lead Auditor by BSI (British Standards Institution); EC-Council Certified Ethical Hacker (CeH); Optenet Certified Systems Engineer (OCSE); Sun SCNA and Sun SCSA.
October 2-3, 2013
Hotel Auditorium (Av. Aragón, 400) - Madrid