Developing Industrial Cyber Personnel Instead Of Chasing Purple Unicorns
Workshop Goals – Discussions and briefings on the purple unicorn, a term used to describe an ICS candidate that possesses the skills and experiences that are believed to be so rare, they are almost mythical. This workshop aims to dispel the myth that harnessing a purple unicorn is necessary to perform and maintain a solid cyber health.
- How can these rare unicorn-like skills and experiences, in industrial cybersecurity become more common place in current roles and responsibilities?
- What steps need to be taken to build your own ‘unicorn equivalent’ cyber-ready workforce?
- What standards, education, curriculum building steps are being taken to make sure the industrial cyber workforce does not need to rely solely on purple unicorns?
Establishing Standards and Impacting Economic and Workforce Development – This workshop is a follow-up of activities and developments from the ICS Community of Practice focused on industrial cybersecurity education, training and workforce development efforts to include government, academia, and industry. The Community integrates stakeholders and practitioners with similar interest in a consolidated framework, develop common views on career pathways in industrial cybersecurity, and map foundational pedagogical paradigms to educate and train our workforce.
Zachary (Zach) Tudor is the associate laboratory director of Idaho National Laboratory’s National and Homeland Security (N&HS) directorate. INL’s N&HS is a major center for national security technology development and demonstration, employing 550 scientists and engineers across $300 million in programs. N&HS is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection, Defense Systems and Homeland Security missions. These missions include safeguarding and securing vulnerable nuclear material, enhancing the overall security and resilience of the nation’s infrastructure, and providing protective system solutions and heavy manufacturing of armor for national defense. N&HS supports major programs for the Department of Defense (DOD), Department of Homeland Security (DHS) and the Intelligence Community.
Tudor was previously a program director in the Computer Science Laboratory at SRI International, where he served as a management and technical resource for operational and research and development cybersecurity programs for government, intelligence and commercial projects. He supported DHS’ Cyber Security Division on projects including the Linking the Oil and Gas Industry to Improve Cybersecurity consortium, and the Industrial Control Systems Joint Working Group. He has served as a member of the (ISC)2 Application Security Advisory Board and the NRC’s Nuclear Cyber Security Working Group, and vice chair of the Institute for Information Infrastructure Protection at George Washington University.
Prior to SRI, Tudor led a team of cybersecurity engineers and analysts directly supporting the Control Systems Security Program at DHS, whose mission is to reduce the cybersecurity risk to critical infrastructure systems. Past assignments include on-site deputy program manager for the National Reconnaissance Office’s worldwide operational network, information security manager for the Secretary of Defense Chief Information Officer Enterprise Operations Support Team; security management support for the Centers for Medicare and Medicaid Services; and several seniorl-evel consulting positions including vice president of SAIC’s Enabling Technology Division, and senior manager for DOD programs at BearingPoint’s Security Practice.
A retired U.S. Navy Submarine Limited Duty Electronics Officer and chief data systems technician, Tudor holds an M.S. in information systems concentrating in cybersecurity from George Mason University, where he also was an adjunct professor teaching graduate courses in information security.
Leo Simonovich is Vice President and Global Head of Industrial Cyber and Digital Security for Siemens Energy. He is responsible for setting the strategic direction for Siemens Energy’s industrial cyber security business worldwide. He identifies emerging market trends, works with customers and Siemens businesses to provide best-in-class cyber offerings, and contributes to the company’s thought leadership on the topic.
Previously, Leo led the cyber risk analytics practice area at the management consulting firm, Booz Allen Hamilton. He refined his expertise through his work with large government and commercial customers to improve their cyber risk posture.
Leo holds both a Masters in Global Finance and an MBA from the University of Denver.
Glenn Merrell, CAP is a senior industry consultant applying extensive experience in Industrial Control Systems (ICS), automation, safety, Critical Infrastructure Protection (CIP) and industrial security. Mr. Merrell is an ISA Certified Automation Professional with over 40 years of cross-sector multi-discipline expertise in industrial control systems, possessing a wide expertise base in real-time control systems including but not limited to electrical, Nuclear Power, instrumentation, process, manufacturing, machine and factory automation / Robotics, Safety Instrumented Systems (SIS), industrial networks, SCADA, ICS Cyber Security and many others.
Mr. Merrell has a wide range of cross-sector knowledge spanning many aspects of product and process development projects from stakeholder management, conceptualization through project deployment in North America and global regulatory environments. He has experience encompassing project management, hardware and software development, system testing, quality assurance and quality control, conformity in regulatory environments CFR/FERC/NERC CIP, system-production-product-process validation, hazard assessment/ risk mitigation, and process improvement. Mr. Merrell additionally performs European Union EC/CE compliance self-certification training and compliance in many areas of EU Directives involving ICS and the Machinery Directive.
His substantial client list includes GE/Baker Hughes, FMC, IBM, Siemens, Daimler / Mercedes Benz, Universal Studios, Miller Coors, Dicerna, Editas, Roche, AMGEN, Tolmar, MolyCorp, Maxtor, Ford Motor Company, General Motors, Kellogg, Armor Dial, Arizona Public Service, Gates Rubber Co., and many other companies.
To round out Mr. Merrell’s qualifications, he is an active standards committee member serving as co-chair of WG-08 & WG10- ISA99/IEC62443; ISA5 (symbols & diagrams), ISA18 (signals and alarms), ISA84 (functional safety / EEP), ISA/IEC 99/62443 (industrial automation control systems security) and ISA101 (HMI); he has participated as an ICS Cyber Security professional and ICSJWG member under the US Department of Homeland Security (DHS) ICS-CERT for Critical Infrastructure Protection (CIP) in Cross Sector industries assisting many Critical Infrastructure Protection Sector professional groups assisting many Critical Infrastructure Protection Sector professional organizations through Workforce Development, Vendor Supply Chain, R&D and International workgroups previously under the DHS Critical Infrastructure Protection Advisory Council (CIPAC).
Ralph Ley is the Workforce Development and Training Department Manager for the Infrastructure Assurance & Analysis Division within the National & Homeland Security Directorate. In that role, he supports the research, development and deployment of technologies directly related to the homeland security, critical infrastructure protection and resilience missions. Mr. Ley oversees a variety of online, mobile, and formal in-house training courses along with programs in direct contact with private sector businesses to resolve software vulnerabilities and publish findings.
From 2004-2017, Mr. Ley served within the Department of Homeland Security, Office of Infrastructure Protection (IP), where he held several positions, including Plans and Policies Branch Chief, Chief of the High Value Targets (HVT) Assessment Unit, managed IP’s overseas risk program initiatives with Canada and Great Britain, and was the Protective Security Advisor (PSA) for the Utah District from 2007-2017.
Prior to joining DHS, Ralph worked in the private sector as a Program Manager at a defense-based manufacturing company in Florida. He previously served 22 years in the U.S. Air Force working with Joint Special Operations Forces from around the globe.
Karen Wetzel joined the National Initiative for Cybersecurity Education (NICE) as Manager of the NICE Framework in October 2020. As a common, consistent lexicon that categorizes and describes cybersecurity work, the NICE Framework improves communication about how to identify, recruit, develop, and retain cybersecurity talent. Karen specializes in identifying, communicating, and developing guidance around key issues, emerging trends, and opportunities of special interest. Prior to joining NICE, Karen was Director of the Community Groups and Working Groups programs at EDUCAUSE and served as Standards Program Manager for the National Information Standards Organization (NISO).
Sean McBride is the Industrial Cybersecurity Program Coordinator within the College of Technology at Idaho State University and Joint Appointee with Idaho National Laboratory. Within Idaho State University’s Energy Systems Technology Education Center (ESTEC) and functioning as a joint appointee with the Idaho National Laboratory, Sean McBride infuses engineering technology students with critical cybersecurity skills.
Sean joined ISU after leaving FireEye, where he developed the firm’s Industrial Control Systems (ICS) security business strategy. Sean’s professional accomplishments include pioneering work in threat and vulnerability intelligence, which evolved into the DHS ICS-CERT, and co-founding Critical Intelligence to focus on the unique intelligence needs of industrial entities.
Over the past decade, Sean has written extensively for his customers, provided expert analysis for the popular press, and briefed the results of his work at leading professional conferences such as RSA and S4.
Sean earned an MBA in the NSA Scholarship for Service Program at ISU in 2006. He earned a Masters in Global Management from Thunderbird – Arizona State University in 2010. He is a doctoral candidate at La Trobe University.
Eleanor Taylor is the Cybercore Program Manager for Workforce Development and University Partnerships within the National and Homeland Security (N&HS) directorate at Idaho National Laboratory (INL). In this role, she is responsible for accelerating and expanding interdisciplinary talent pipeline efforts to address critical control systems challenges across the nation. By leveraging INL’s deep expertise and best in class research facilities, including the Cybercore Integration Center University Lab, she leads initiatives designed to drive education innovations and workforce development opportunities across industry, academia and government partners. She serves as the N&HS point of contact for joint appointments, internships and strategic university engagements as well as supporting K-12 STEM related cyber activities including the Cybercore Summer Camp and Pi Café.
Taylor also works with several cyber associations and student organizations, including Women in Cybersecurity (WiCyS), where she leads a mentoring cohort.
Before joining INL in 2019, Taylor held several leadership positions, including Director of Board Relations for the University of Chicago, Chief of Staff for Argonne National Labo
Craig Cocciola leads the cyber range operations for the ABL Cyber Academy, a division of (ABL) Advanced Business Learning, Inc. He directs the company’s ongoing public and private sector consulting on cyber range use for skills development through “ready to run” and custom IT/OT training experiences. He has dedicated most of the past 21 of his 32 years in technology to ABL.
A few of Cocciola’s leadership roles are cyber and risk consultancy, guiding team managers in identifying, evaluating, and deploying business operation systems and client training resources. He leads the company’s GRC (governance, risk and compliance)to align business strategies to the appropriate levels of risk. In his previous Director role with ABL, he led a team to develop ABL Cyber Academy and the Cyber Range. Cocciola was responsible for the company’s development of skills-based training for students to ensure job readiness. His goal was to meet the higher demands for IT and cyber workforce requirements to prepare ABL graduates for employment. He brought the required hands-on experience needed, through the tasks and skills developed over time on the ABL Cyber Range. Cocciola’s newest ABL range addition now provides organization and individuals a cloud based, anywhere access resource. This range utilizes the NISTNICE Skills Mapping Framework to assess and provide measurement of skills attainment for cyber students and current operatives, based on the user’s defined job role. Craig Cocciola is an active member and Range provider to NACRA, the North American Cyber Range Alliance, and a collaborator with Arizona InfraGard. He has also logged hundreds of hours as an FAA licensed UAS drone pilot, both fixed wing and multi-rotor aircraft.
Keith Tresh is the Chief Information Security Officer for the State of Idaho, Information Technology Services. Keith is an experienced Military and public sector cybersecurity professional. He has over 15 years of experience in cybersecurity and almost 30 years of experience in information technology.
A retired Army colonel, Mr. Tresh was appointed by Governor Jerry Brown on October 6, 2016 as the commander of the California cybersecurity integration center (Cal-CSIC) within the Governor’s Office of Emergency Services where he served until November of 2018. Prior to his appointment as the commander of Cal-CSIC he was the chief information officer at the California High – Speed Rail Authority. Keith is a veteran C-level IT management professional with a passion for teaching and cybersecurity awareness. From 2014 to 2016 Keith was assigned as the chief information security officer (CISO) for the County of Orange, California. In 2011, Governor Brown appointed him to serve as California’s chief information security officer and director of the Office of Information Security (OIS) at the California Technology Agency. Prior to this appointment, Keith was the CIO/J6 for the California National Guard.
Keith Tresh served in the Army and the California National Guard (CNG) for more than 33 years including a combat tour in Iraq from 2005-2006. He holds a Master of Science degree in national security and strategic studies from the United States Army War College and a Master of Science in computer information systems from the University of Phoenix.
Dr. Paris Stringfellow is the Vice President for TrustWorks-aaS for the Cybersecurity Manufacturing Innovation Institute (CyManII) and an Associate Research Professor in Clemson’s Department of Industrial Engineering. She holds a PhD in Industrial Engineering and is also the Associate Director for the Center for Advanced Manufacturing at Clemson University. Her research focuses on reducing risk and improving resiliency of communities and organizations through human-centered design and data analytic approaches. Topics of interest include cybersecurity for advanced manufacturing and supply chains, education and workforce development for working professionals, human factors and user-centered design approaches, product development and entrepreneurship, and risk reduction through behavioral-based design in a variety of domains.
Cybersecurity Manufacturing Innovation Institute (CyManII) is an inclusive national Institute with 24 major leading universities in cybersecurity, smart and energy efficient manufacturing, and deep expertise in supply chains, factory automation, and workforce development. Led by The University of Texas at San Antonio, CyManII leverages the strongest Department of Energy National Laboratories in this area with Oak Ridge National Laboratory leading the nation in advanced manufacturing, Idaho National Laboratory leading in cybersecurity of industrial control systems and physical infrastructure, and Sandia National Laboratory leading the nation in cybersecurity of supply chain management. Funded by the DOE, CyManII aggregates the most advanced institutions in smart and advanced manufacturing, securing automation and supply chains, workforce development, and cybersecurity. This seminar presentation highlights the growing security and energy challenges for the US Manufacturing Industry, presents CyManII as a national initiative, and reviews potential areas of engagement for Clemson faculty and students.
Shane Stailey is a Senior Industrial Control Systems Cybersecurity Professional with three decades of success in learning, teaching, broadening, and applying information across multiple business streams with a spectrum of technical variety. Shane specializes in combining creative thinking, outside the box analysis, and practitioner level application to solve real world problems. As a first generation Master’s and Doctoral level educated professional he is well aware of the value that can come from merging ‘pure work’, ‘consistent learning’, and ‘determined perseverance’, despite life’s adversities, to reach professional and personal goals and accomplishments.
Undergraduate degree in Electrical Engineering Technology from NMSU. Graduate degrees include: Computer Information Systems, University of Phoenix; Master of Science in Management – Information Systems Security, Colorado Technical University. Post-graduate degree is Doctor of Computer Science – Information Assurance.
Credentials. ISC2: (CISSP) Certified Information Systems Security Professional-2010; EC-Council: (CEH) Certified Ethical Hacker-2014; Project Management Institute: (PMP) Project Management Professional-2019
Andrew Ohrt joined West Yost in 2019 to lead the Risk and Resilience Program. Over the course of Andrew’s 16-year career, he has assisted over 40 municipal and industrial clients build all-hazards resilience. The West Yost CCE program is the perfect intersection of Andrew’s resilience expertise, West Yost’s industry-leading cybersecurity practice, and extensive water system engineering expertise.
Andre Ristaino is the Managing Director of Global Alliances, Consortia and Conformance programs for the International Society of Automation (ISA) based in RTP, North Carolina. Starting in 2007, Mr. Ristaino developed ISA’s conformance certification programs including the ISASecure® control systems cybersecurity certification program that certifies automation and control system products to the IEC 62443 series of international standards. Mr. Ristaino directs ISA’s consortiums and alliances, including, ISA Security Compliance Institute, ISA Wireless Compliance Institute, ISAGCA, LOGIIC, FCG collaboration, OPAF collaboration, FDT collaboration, ISA Bulk Power Systems WG, Building Cybersecurity (BCS), and Fundacion Chile.
Mr. Ristaino is an international presenter on the ISA/IEC 62443 standards and automation/control systems security certifications. He is an invited expert to the ERNCIP in support of the EU control systems cybersecurity certification initiative, an advisor for an ORNL research project on malware in the bulk electric distribution network, an invited presenter on cybersecurity and wireless technology at ARC Forums and, has published articles in the ISA InTech magazine. Mr. Ristaino is collaborating with NEMA and the BCS in standing up a facilities certification program for certifying building management systems based on the ISA/IEC 62443 standards.
Prior to ISA, Mr. Ristaino held positions at NEMA, Renaissance Worldwide and, Deloitte’s Advanced Manufacturing Technology Group where he was a recognized leader in system lifecycle methodologies. Industries served include state and local government, utilities, USAF-LC, discrete manufacturing and, pharmaceutical and FDA regulated manufacturing sites.
Mr. Ristaino earned a BS in Business Management from the University of Maryland, College Park and an MS in Computer Systems Applications from the American University in Washington, DC with a focus on expert systems and artificial intelligence. Mr. Ristaino holds an APICS CPIM certification.
– Sean McBride
– Shane Stailey
– Ida Ngambeki
– Ralph Ley
– Diane Burley
– Wayne Austad
– John A. “Drew” Hamilton, Jr., Ph.D., is a professor of Computer Science and Engineering and Director of Mississippi State University’s Center for Cyber Innovation. Previously he served as Alumni Professor of Computer Science and Software Engineering at Auburn University where he established Auburn’s Cyber Security program. He is a Fellow and former President of the Society for Modeling & Simulation, International (SCS), and former Chair of ACM’s Special Interest Group on Simulation (SIGSIM).
– Frank J. Cilluffo is the director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. Cilluffo is a member of the Cyberspace Solarium Commission and the Department of Homeland Security’s Advisory Council, and he’s routinely called upon to advise senior officials in the executive branch, U.S. Armed Services, and state and local governments on an array of matters related to national and homeland security strategy and policy.
– Amy Shaw is the Director of Compliance, Risk and Security at Idaho Power Company. As Idaho Power’s Compliance, Risk & Security Director, Amy oversees the teams focused on the risk management, cyber security, physical security, regulatory compliance, and environmental compliance activities of the company. Amy has been with Idaho Power for over 15 years. Prior to joining Idaho Power, she worked in public accounting for Deloitte & Touche.