Establishing Standards And Impacting Economic And Workforce Development
This workshop is a follow-up of activities and developments from the ICS Community of Practice focused on industrial cybersecurity education, training and workforce development efforts to include government, academia, and industry. The Community integrates stakeholders and practitioners with similar interest in a consolidated framework, develop common views on career pathways in industrial cybersecurity, and map foundational pedagogical paradigms to educate and train our workforce.
- Foster creation and maintenance of industrial cybersecurity education and training standards.
- Establish a repository of existing training and education materials.
- Document gaps for further development (based on preliminary studies and assessments of curriculum and standards).
- Exchange ideas to implement training and education standards.
- Build and maintain relationships of trust for standards creation and maintenance across diverse institutions and educators including DHS, DOE, DOD, academia, and commercial entities.
Tuesday, November 18, 2021
10:00 AM – 2:00 PM MST
(12:00 AM – 4:00 PM EST)
Virtual online event
Once registration is confirmed, virtual links
and information will follow.
For more information on the ICS Community of Practice: https://inl.gov/icscop/
Zachary (Zach) Tudor is the associate laboratory director of Idaho National Laboratory’s National and Homeland Security (N&HS) directorate. INL’s N&HS is a major center for national security technology development and demonstration, employing 550 scientists and engineers across $300 million in programs. N&HS is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection, Defense Systems and Homeland Security missions. These missions include safeguarding and securing vulnerable nuclear material, enhancing the overall security and resilience of the nation’s infrastructure, and providing protective system solutions and heavy manufacturing of armor for national defense. N&HS supports major programs for the Department of Defense (DOD), Department of Homeland Security (DHS) and the Intelligence Community.
Tudor was previously a program director in the Computer Science Laboratory at SRI International, where he served as a management and technical resource for operational and research and development cybersecurity programs for government, intelligence and commercial projects. He supported DHS’ Cyber Security Division on projects including the Linking the Oil and Gas Industry to Improve Cybersecurity consortium, and the Industrial Control Systems Joint Working Group. He has served as a member of the (ISC)2 Application Security Advisory Board and the NRC’s Nuclear Cyber Security Working Group, and vice chair of the Institute for Information Infrastructure Protection at George Washington University.
Prior to SRI, Tudor led a team of cybersecurity engineers and analysts directly supporting the Control Systems Security Program at DHS, whose mission is to reduce the cybersecurity risk to critical infrastructure systems. Past assignments include on-site deputy program manager for the National Reconnaissance Office’s worldwide operational network, information security manager for the Secretary of Defense Chief Information Officer Enterprise Operations Support Team; security management support for the Centers for Medicare and Medicaid Services; and several seniorl-evel consulting positions including vice president of SAIC’s Enabling Technology Division, and senior manager for DOD programs at BearingPoint’s Security Practice.
A retired U.S. Navy Submarine Limited Duty Electronics Officer and chief data systems technician, Tudor holds an M.S. in information systems concentrating in cybersecurity from George Mason University, where he also was an adjunct professor teaching graduate courses in information security.
Diana L. Burley, Ph.D., is Vice Provost for Research at American University (AU) where she is also Professor of Public Administration and Policy and Professor of IT & Analytics. Named one of SC Magazine’s Eight Women in IT Security to Watch in 2017 and the 2017 SC Magazine ReBoot awardee for educational leadership in IT security, Dr. Burley is a cybersecurity expert who regularly conducts cybersecurity training for executives across North America, Asia, Europe and the Middle East on managing cybersecurity risk, assessing the threat environment, and strengthening organizational cybersecurity posture.
She has testified before Congress, is a member of the US National Academies Board on Human-Systems Integration, and an affiliated researcher with the Cyber Operations Group of the Johns Hopkins University Applied Physics Laboratory. Prior to AU, Dr. Burley was a professor at George Washington University where she directed the Institute for Information Infrastructure Protection (I3P) – a 26-member national consortium dedicated to strengthening the cyber infrastructure of the United States. She led the Cyber Corps program and managed a multi-million-dollar computer science education and research portfolio for the US National Science Foundation, and has written over 90 publications on cybersecurity, information sharing, and IT-enabled change; including her 2014 co-authored book “Enterprise Software Security: A Confluence of Disciplines.”
Honors include: 2016 Woman of Influence- by the Executive Women’s Forum in Information Security, Risk Management and Privacy; the 2014 Cybersecurity Educator of the Year; and a 2014 Top Ten Influencer in information security careers. She is the sole recipient of both educator of the year and government leader of the year awards from the Colloquium for Information Systems Security Education and has been honored by the U.S. Federal CIO Council for her work on developing the federal cyber security workforce.
She holds a BA in Economics from the Catholic University of America; M.S. in Public Management and Policy, M.S. in Organization Science, and Ph.D. in Organization Science and Information Technology from Carnegie Mellon University where she studied as a Woodrow Wilson Foundation Fellow.
Steve Mustard is an industrial automation consultant with extensive technical and management experience across multiple sectors. He is a licensed Professional Engineer (PE), ISA Certified Automation Professional® (CAP®), UK registered Chartered Engineer (CEng), European registered Engineer (Eur Ing), GIAC Global Industrial Cyber Security Professional (GICSP), and Certified Mission Critical Professional (CMCP).
Backed by 30 years of engineering experience, Mustard specializes in the development and management of real-time embedded equipment and automation systems and cybersecurity risk management related to those systems. He serves as president of National Automation, Inc. Mustard is the 2021 President of the International Society of Automation (ISA), a board member of the Mission Critical Global Alliance (MCGA), and a member of the Water Environment Federation (WEF) Safety and Security Committee.
Pedro M. Allende is Founder of Bletchley Advisors and a member of the Florida Cybersecurity Advisory Council. From 2017 to 2021, he held various senior roles in government as Deputy Assistant Secretary for Infrastructure, Risk, and Resilience Policy at the Department of Homeland Security, Counselor to the Secretary of Labor, and Senior Advisor at the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response. Before government service, Pedro was an attorney at Boies Schiller Flexner LLP where he started the firm’s data privacy and cybersecurity practice and defended Fortune 500 companies in high-stakes litigation. Pedro has a Masters’ degree in Decision and Information Science, a Juris Doctor, and Bachelors degrees in Economics and Political Science–all from the University of Florida. He lives in Miami with his wife and daughters.
Sean Plankey is the Director of Cyber Missions at the world’s leading AI Cloud Company, DataRobot. In this role, he provides avenues to utilize the power of AI to solve cybersecurity problems. Before DataRobot, Sean was the US government senior executive at the Department of Energy in charge of protecting the US energy sector from cyber attacks. He has also served at the White House as a Director for Cyber Policy with the National Security Council, and as a cybersecurity executive in industry. He is a military veteran and graduate of the University of Pennsylvania and United States Coast Guard Academy.
Dr. Ida Ngambeki is an Assistant Professor of Computer and Information Technology at Purdue University. She is the Executive Director of the Purdue Cybersecurity Education Training Network and Resources and Director of the Cybersecure Behavior Lab. Dr. Ngambeki graduated from Smith College with a B.S. in Engineering and from Purdue University with a PhD in Engineering Education. Dr. Ngambeki’s key areas of research interest include: cybersecure behavior, social engineering, cybersecurity education, cybersecurity policy, and cybersecurity workforce development. Dr. Ngambeki’s current research projects include: developing of curriculum guidance documents and a hub and spoke infrastructure for Industrial Control Systems Security, developing a self-directed learning platform for secure programming, developing a cybersecurity apprenticeship program, and developing an AI based humor integrated social engineering training tool. Dr. Ngambeki has developed courses in Social Engineering, Cyber Law and Cyber Ethics.
Andre Ristaino is the Managing Director of Global Alliances, Consortia and Conformance programs for the International Society of Automation (ISA) based in RTP, North Carolina. Starting in 2007, Mr. Ristaino developed ISA’s conformance certification programs including the ISASecure® control systems cybersecurity certification program that certifies automation and control system products to the IEC 62443 series of international standards. Mr. Ristaino directs ISA’s consortiums and alliances, including, ISA Security Compliance Institute, ISA Wireless Compliance Institute, ISAGCA, LOGIIC, FCG collaboration, OPAF collaboration, FDT collaboration, ISA Bulk Power Systems WG, Building Cybersecurity (BCS), and Fundacion Chile.
Mr. Ristaino is an international presenter on the ISA/IEC 62443 standards and automation/control systems security certifications. He is an invited expert to the ERNCIP in support of the EU control systems cybersecurity certification initiative, an advisor for an ORNL research project on malware in the bulk electric distribution network, an invited presenter on cybersecurity and wireless technology at ARC Forums and, has published articles in the ISA InTech magazine. Mr. Ristaino is collaborating with NEMA and the BCS in standing up a facilities certification program for certifying building management systems based on the ISA/IEC 62443 standards.
Prior to ISA, Mr. Ristaino held positions at NEMA, Renaissance Worldwide and, Deloitte’s Advanced Manufacturing Technology Group where he was a recognized leader in system lifecycle methodologies. Industries served include state and local government, utilities, USAF-LC, discrete manufacturing and, pharmaceutical and FDA regulated manufacturing sites.
Mr. Ristaino earned a BS in Business Management from the University of Maryland, College Park and an MS in Computer Systems Applications from the American University in Washington, DC with a focus on expert systems and artificial intelligence. Mr. Ristaino holds an APICS CPIM certification.
Geri McGrath is a Senior Global Strategy and Operations Executive with over 25 years of experience in Information Technology (IT). She has built a successful career in partnerships, alliances, sales, business development, organizational development and process transformation from small startups to fortune 500 companies. She is passionate about workforce development, having volunteered in the classroom for several years to teach STEM courses and aligning with organizations to promote awareness across diverse constituencies.
Geri is currently the Director of Global Education & Workforce Development at the International Society of Automation (ISA) where she focuses on promoting education initiatives for Industrial Cybersecurity and Automation. She is excited to be involved in the digital transformation journey including the convergence of IT and OT and creating awareness and interest in the associated career opportunities.
Rodney Petersen is the director of the National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce. He previously served as the Managing Director of the EDUCAUSE Washington Office and a Senior Government Relations Officer. He founded and directed the EDUCAUSE Cybersecurity Initiative and was the lead staff liaison for the Higher Education Information Security Council. Prior to joining EDUCAUSE, he worked at two different times for the University of Maryland – first as Campus Compliance Officer in the Office of the President and later as the Director of IT Policy and Planning in the Office of the Vice President and Chief Information Officer. He also completed one year of federal service as an Instructor in the Academy for Community Service for AmeriCorps’ National Civilian Community Corps. He is the co-editor of a book entitled “Computer and Network Security in Higher Education”. He received his law degree from Wake Forest University and bachelors degrees in political science and business administration from Alma College. He was awarded a certificate as an Advanced Graduate Specialist in Education Policy, Planning, and Administration from the University of Maryland.
Karen Wetzel joined the National Initiative for Cybersecurity Education (NICE) as Manager of the NICE Framework in October 2020. As a common, consistent lexicon that categorizes and describes cybersecurity work, the NICE Framework improves communication about how to identify, recruit, develop, and retain cybersecurity talent. Karen specializes in identifying, communicating, and developing guidance around key issues, emerging trends, and opportunities of special interest. Prior to joining NICE, Karen was Director of the Community Groups and Working Groups programs at EDUCAUSE and served as Standards Program Manager for the National Information Standards Organization (NISO).
Sean McBride is the Industrial Cybersecurity Program Coordinator within the College of Technology at Idaho State University and Joint Appointee with Idaho National Laboratory. Within Idaho State University’s Energy Systems Technology Education Center (ESTEC) and functioning as a joint appointee with the Idaho National Laboratory, Sean McBride infuses engineering technology students with critical cybersecurity skills.
Sean joined ISU after leaving FireEye, where he developed the firm’s Industrial Control Systems (ICS) security business strategy. Sean’s professional accomplishments include pioneering work in threat and vulnerability intelligence, which evolved into the DHS ICS-CERT, and co-founding Critical Intelligence to focus on the unique intelligence needs of industrial entities.
Over the past decade, Sean has written extensively for his customers, provided expert analysis for the popular press, and briefed the results of his work at leading professional conferences such as RSA and S4.
Sean earned an MBA in the NSA Scholarship for Service Program at ISU in 2006. He earned a Masters in Global Management from Thunderbird – Arizona State University in 2010. He is a doctoral candidate at La Trobe University.
Glenn Merrell, CAP is a senior industry consultant applying extensive experience in Industrial Control Systems (ICS), automation, safety, Critical Infrastructure Protection (CIP) and industrial security. Mr. Merrell is an ISA Certified Automation Professional with over 40 years of cross-sector multi-discipline expertise in industrial control systems, possessing a wide expertise base in real-time control systems including but not limited to electrical, Nuclear Power, instrumentation, process, manufacturing, machine and factory automation / Robotics, Safety Instrumented Systems (SIS), industrial networks, SCADA, ICS Cyber Security and many others.
Mr. Merrell has a wide range of cross-sector knowledge spanning many aspects of product and process development projects from stakeholder management, conceptualization through project deployment in North America and global regulatory environments. He has experience encompassing project management, hardware and software development, system testing, quality assurance and quality control, conformity in regulatory environments CFR/FERC/NERC CIP, system-production-product-process validation, hazard assessment/ risk mitigation, and process improvement. Mr. Merrell additionally performs European Union EC/CE compliance self-certification training and compliance in many areas of EU Directives involving ICS and the Machinery Directive.
His substantial client list includes GE/Baker Hughes, FMC, IBM, Siemens, Daimler / Mercedes Benz, Universal Studios, Miller Coors, Dicerna, Editas, Roche, AMGEN, Tolmar, MolyCorp, Maxtor, Ford Motor Company, General Motors, Kellogg, Armor Dial, Arizona Public Service, Gates Rubber Co., and many other companies.
To round out Mr. Merrell’s qualifications, he is an active standards committee member serving as co-chair of WG-08 & WG10- ISA99/IEC62443; ISA5 (symbols & diagrams), ISA18 (signals and alarms), ISA84 (functional safety / EEP), ISA/IEC 99/62443 (industrial automation control systems security) and ISA101 (HMI); he has participated as an ICS Cyber Security professional and ICSJWG member under the US Department of Homeland Security (DHS) ICS-CERT for Critical Infrastructure Protection (CIP) in Cross Sector industries assisting many Critical Infrastructure Protection Sector professional groups assisting many Critical Infrastructure Protection Sector professional organizations through Workforce Development, Vendor Supply Chain, R&D and International workgroups previously under the DHS Critical Infrastructure Protection Advisory Council (CIPAC).
Ralph Ley is the Workforce Development and Training Department Manager for the Infrastructure Assurance & Analysis Division within the National & Homeland Security Directorate. In that role, he supports the research, development and deployment of technologies directly related to the homeland security, critical infrastructure protection and resilience missions. Mr. Ley oversees a variety of online, mobile, and formal in-house training courses along with programs in direct contact with private sector businesses to resolve software vulnerabilities and publish findings.
From 2004-2017, Mr. Ley served within the Department of Homeland Security, Office of Infrastructure Protection (IP), where he held several positions, including Plans and Policies Branch Chief, Chief of the High Value Targets (HVT) Assessment Unit, managed IP’s overseas risk program initiatives with Canada and Great Britain, and was the Protective Security Advisor (PSA) for the Utah District from 2007-2017.
Prior to joining DHS, Ralph worked in the private sector as a Program Manager at a defense-based manufacturing company in Florida. He previously served 22 years in the U.S. Air Force working with Joint Special Operations Forces from around the globe.
Greg Bastien is the Team Lead, Academics Section, of the CISA Cyber Defense, Education and Training (CDET) Branch working out of the Idaho National Laboratory. Greg has been with CISA since 2016 and comes to CDET from the Office of the Chief Technology Officer. Prior to working at CISA, Mr. Bastien spent 15 years at the U.S. Department of State as a Senior Network Engineer. Mr. Bastien has a significant background in Enterprise Network Engineering and Network Infrastructure Security. Mr. Bastien co-authored several books for Cisco Press. Greg was an Army Helicopter flight instructor and participated in Operation Desert Shield/Desert Storm. He holds a Bachelor of Science degree and Master of Aeronautical Science degree from Embry-Riddle Aeronautical University.
John Ellis has 10 years of experience in global customer-centric strategic and business roles with a focus on relationship building, commercial intelligence, strategic advisory, and transforming technological innovation into business success. In his current role as the Global Head of Industrial Cyber Alliances at Siemens Energy, he works to develop partnerships between industry, academia, and government to solve some of the most challenging critical infrastructure cybersecurity challenges. John holds a BS in Mechanical Engineering and an MS in Engineering Management from the University of Maryland Baltimore County, an MBA from Johns Hopkins Carey Business School, and an MPS in Cybersecurity and Information Assurance from Penn State.
Dr. Paris Stringfellow is the Vice President for TrustWorks-aaS for the Cybersecurity Manufacturing Innovation Institute (CyManII) and an Associate Research Professor in Clemson’s Department of Industrial Engineering. She holds a PhD in Industrial Engineering and is also the Associate Director for the Center for Advanced Manufacturing at Clemson University. Her research focuses on reducing risk and improving resiliency of communities and organizations through human-centered design and data analytic approaches. Topics of interest include cybersecurity for advanced manufacturing and supply chains, education and workforce development for working professionals, human factors and user-centered design approaches, product development and entrepreneurship, and risk reduction through behavioral-based design in a variety of domains.
Cybersecurity Manufacturing Innovation Institute (CyManII) is an inclusive national Institute with 24 major leading universities in cybersecurity, smart and energy efficient manufacturing, and deep expertise in supply chains, factory automation, and workforce development. Led by The University of Texas at San Antonio, CyManII leverages the strongest Department of Energy National Laboratories in this area with Oak Ridge National Laboratory leading the nation in advanced manufacturing, Idaho National Laboratory leading in cybersecurity of industrial control systems and physical infrastructure, and Sandia National Laboratory leading the nation in cybersecurity of supply chain management. Funded by the DOE, CyManII aggregates the most advanced institutions in smart and advanced manufacturing, securing automation and supply chains, workforce development, and cybersecurity. This seminar presentation highlights the growing security and energy challenges for the US Manufacturing Industry, presents CyManII as a national initiative, and reviews potential areas of engagement for Clemson faculty and students.
Shane Stailey is a Senior Industrial Control Systems Cybersecurity Professional with three decades of success in learning, teaching, broadening, and applying information across multiple business streams with a spectrum of technical variety. Shane specializes in combining creative thinking, outside the box analysis, and practitioner level application to solve real world problems. As a first generation Master’s and Doctoral level educated professional he is well aware of the value that can come from merging ‘pure work’, ‘consistent learning’, and ‘determined perseverance’, despite life’s adversities, to reach professional and personal goals and accomplishments.
Undergraduate degree in Electrical Engineering Technology from NMSU. Graduate degrees include: Computer Information Systems, University of Phoenix; Master of Science in Management – Information Systems Security, Colorado Technical University. Post-graduate degree is Doctor of Computer Science – Information Assurance.
Credentials. ISC2: (CISSP) Certified Information Systems Security Professional-2010; EC-Council: (CEH) Certified Ethical Hacker-2014; Project Management Institute: (PMP) Project Management Professional-2019
Wayne Austad is the Chief Technology Officer for the National and Homeland Security Directorate at Idaho National Laboratory (INL) and Chief R&D Officer for CyManII, a Manufacturing USA institute focused on economically viable and pervasive cybersecurity in automation and supply chain. Wayne leads the Secure & Resilient Physical Systems Initiative was previously the Technical Director of INL’s Cybercore Integration Center and created the original Cybercore Program Office and led outreach to national labs and academic institutions to build a collaborative, interdisciplinary teaming environment. He is the founding Chair of the Cyber Partnership for Advancing Resilient Control Systems (CyberPARC), a formal, self-organized collaboration between INL, Pacific Northwest National Laboratory, and Sandia National Laboratories.
Previously, as Director of INL’s Mission Support Center, he led a senior technical group that developed new methods for analysis of targeted cyber threats, provided technical context for mitigation priorities, and created new paradigms for information sharing between industry infrastructure owners, threat analysis teams, and government leaders. He also served as the Director of the Special Programs Division, which developed special technology and analysis for Defense and Intelligence agencies in advanced materials, trace detection, nuclear nonproliferation, electronic warfare modeling, information operations, and wireless communications systems.
Mr. Austad was the founding program manager for communications research programs at INL, coordinating multi-customer efforts to create the industry-scale Wireless Test Bed to evaluate the interoperability, performance, and security of new technologies within INL’s Critical Infrastructure Test Range Complex. As a past group lead for INL’s cybersecurity R&D organization, he was technical consultant to Department of Homeland Security Control Systems Security Test Center (pre-cursor to ICS-CERT) and the DOE’s Supervisory Control and Data Acquisition (SCADA) Test Bed; and led several discretionary research projects to systematically assess vulnerabilities in power SCADA systems and design innovative protective solutions. He started his career at INL in Artificial Intelligence & Simulation, working on hybrid neural network / expert systems, machine health monitoring, and 3D simulation environments for real-time robotic control.
Mr. Austad graduated with a MSEE and BSEE from the University of Wyoming with emphasis in Digital Signal Processing and Computer Engineering.
– Sean McBride
– Shane Stailey
– Ida Ngambeki
– Ralph Ley
– Diane Burley
– Wayne Austad
– John A. “Drew” Hamilton, Jr., Ph.D., is a professor of Computer Science and Engineering and Director of Mississippi State University’s Center for Cyber Innovation. Previously he served as Alumni Professor of Computer Science and Software Engineering at Auburn University where he established Auburn’s Cyber Security program. He is a Fellow and former President of the Society for Modeling & Simulation, International (SCS), and former Chair of ACM’s Special Interest Group on Simulation (SIGSIM).
– Frank J. Cilluffo is the director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. Cilluffo is a member of the Cyberspace Solarium Commission and the Department of Homeland Security’s Advisory Council, and he’s routinely called upon to advise senior officials in the executive branch, U.S. Armed Services, and state and local governments on an array of matters related to national and homeland security strategy and policy.
– Amy Shaw is the Director of Compliance, Risk and Security at Idaho Power Company. As Idaho Power’s Compliance, Risk & Security Director, Amy oversees the teams focused on the risk management, cyber security, physical security, regulatory compliance, and environmental compliance activities of the company. Amy has been with Idaho Power for over 15 years. Prior to joining Idaho Power, she worked in public accounting for Deloitte & Touche.