Crises strike fast, often without warning – whether through cyberattacks, supply chain disruptions, or global shocks. Drawing on experience from the FBI and homeland security, this keynote explores how leaders can prepare, respond, and build trust under pressure. Attendees will learn practical strategies to transform crisis into resilience and competitive strength.
.
– Claire Moravec, National Security & Public Safety Executive
.

• What are the primary challenges organizations face when implementing secure remote access in OT environments?
• How can organizations effectively balance the need for remote maintenance and third-party vendor access with the imperative to maintain robust security controls in OT systems? Where does segmentation and defence in depth fit into this balancing act, and what are some practical approaches?
• In what ways does adopting a zero-trust architecture enhance the security of remote access in OT systems, and how can it be combined with layered defence-in-depth strategies in industrial environments?
• What lessons can be drawn from real-world OT remote access breaches, and how can continuous monitoring, anomaly detection, and vulnerability assessment accelerate response and recovery?

– Moderator: Dr. Ed Harris, Global Director Information Security, Mauser Packaging Solutions
– Brian Jones, Senior ICS Security Manager, Avery Dennison Corporation
– Isaac Guevara, Senior Solutions Engineer, Nozomi Networks
– Chet Namboodri, VP North America, Secomea
– David Ruzicka, OT Security Director, Clarios
.

Join this session to uncover key challenges, solutions and lessons learned around:

• Identifying attack paths with the potential to materially impact critical business processes
• Surgically prioritizing efforts based on ability to disrupt attack paths without disrupting business operations
• Optimizing cross-functional relationships and communicating executive-level progress and priorities

– Curtis Simpson, CISO, Armis
.

In today’s manufacturing environments, CISOs face increasing pressure to secure both IT and OT systems. But with limited resources, infinite vulnerabilities, and complex legacy infrastructure, how do you right-size security? We’ll explore how to assess and implement an appropriate level of security by prioritizing, aligning with business objectives, and making informed trade-offs. From foundational frameworks to integrating IT and OT into a unified security program, we’ll discuss how to set realistic expectations, communicate with leadership, and make measurable progress – even if you’re starting from scratch.
.
– Betsy Wille, CISO, Fresenius Medical Care
.

Generic credentials and sticky-note passwords create massive security gaps in manufacturing environments. In this session we’ll cover the business risks of shared logins on the shopfloor, why they persist despite vulnerabilities, and 5 core approaches through which shared password risks can be eliminated.
.
– Mohit Garg ,Co-founder & CEO, OLOID
.

Aging control systems, obsolete network infrastructure, and decades-old plant floor technology are colliding with a surge in connected devices – all in the name of data visibility. The result? A rapidly expanding attack surface that’s drawing the attention of bad actors across every industry.
In this high-impact session, we will share:

• How the NIST Cybersecurity Framework serves as a foundational approach to OT security
• Why a baseline roadmap is key to building a resilient, multi-year cybersecurity strategy
• A real-world use case that shows how risk can be minimized in complex industrial environments
• How to turn cybersecurity efforts into actionable, measurable results that drive real business value

Whether you’re just starting your OT security journey or looking to level up your existing program, this presentation will deliver practical insights you can put to work immediately.
.
– Shannon McKay, Regional VP, Global Digital & Cybersecurity Services, Rockwell Automation
.

Legacy processes in manufacturing can quietly resist progress – even when the best tools and talent are in place. In this session, we’ll share our ongoing journey of updating outdated practices and, more importantly, how we brought people along for the ride. From redesigning processes to making complying with OT security policies easier than resisting them – and more rewarding – we’ll walk through the strategies, pitfalls, and metrics that defined our success. This is a real-world case study in turning process change into a culture shift, where people become your strongest ally.
.
– Robert Mitera, Associate Director, Global Cybersecurity Attack Surface Management, Baxter International Inc
.

When we talk about asset management, how deep into the network are we going? How do we do discovery without visibility? In this session you will learn about the foundation of OT asset management – a comprehensive automated OT asset inventory – and its major use cases in reducing cyber security vulnerabilities, address the business continuity risk that comes from OT product obsolescence, and leverage standard hardware and software configurations that can be audited easily.
.
– TaVonne Harris, VP Solutions, OTbase
.

Join this session as we look into how to leverage AI as a powerful tool for cyber defense:
.

• Discover how AI can enhance visibility and control across OT environments, enabling faster detection and response to evolving cyber threats
• Explore how AI can support compliance, reduce downtime, and empower security teams with actionable insights tailored to manufacturing environments

– Carlos Sanchez, Sr Director, OT Solutions, Fortinet
.

Financial quantification helps reveal the probability and potential impact of a major cybersecurity event. But with traditional qualitative approaches, justification of cyber investments struggle due to high subjectivity and lack of defensible data. Financial quantification of cyber risk, or Cyber Risk Quantification (CRQ), is an emerging field that few have applied to ICS and OT environments. In this presentation, we will look at some of the following use-cases:

• Justification of cybersecurity investments for OT
• Prioritization of risk mitigation projects and vulnerability management
• Executive & board reporting
• Risk transfer

Additionally, we’ll address how cybersecurity financial metrics can support different roles in the business (e.g., cyber team, CISO, Finance, Insurance) to assist with cybersecurity decision-making.
.
– Donovan Tindill, Director of OT Cybersecurity, DeNexus
.

• How do you determine how much security is “enough” for your OT environment?
• When is it justifiable to shut down operations for architectural improvements, and how do you make that case?
• How can security leaders effectively communicate risk in operational terms that resonate with business stakeholders?
• What framing or techniques have you found most effective for gaining executive support and aligning on security goals?

– Moderator: Christian Harter, BISO OT & Director of OT Security and Engineering, UPS
– Jacob McLein, VP, Enterprise Information Security, Southwire Company
– Timothy Kovacik, Director, Global Operational Security Lead, Kerry Group
.

Most secure remote access tools promise to “reduce risk” and “enable Zero Trust,” but stop short of delivering measurable, day-to-day operational gains – especially in industrial environments. This session moves past marketing theory and into the plant floor reality.
Through six real-world customer stories, we’ll explore how Cyolo helped organizations not only close critical security gaps, but also accelerate maintenance, improve uptime, and simplify operations.
.
– Ian Cuthbertson, VP of Global System Engineering, Cyolo
.

After 20 years of managing thousands of firewall rules, countless VLANs, and watching segmentation projects fail; manufacturing security leaders are discovering a better way. Join a candid fireside chat between a Fortune 500 security director and solutions architect as they dissect why traditional segmentation created more problems than it solved, and how modern identity-based approaches are finally delivering results. This conversation reveals the unfiltered truth: how discovering critical robots on wrong network segments triggered a transformation; why months of simulation beats rushing to enforcement; and how to bridge the trust gap between IT, Security, and OT teams with competing priorities. Learn how CISA mandates transformed segmentation from “someday” to “now,” why traditional approaches created Swiss cheese networks full of security gaps, and practical strategies for implementing modern microsegmentation without disrupting 24/7 production. No theory, no vendor pitches – just battle-tested insights from the factory floor on achieving real security without sacrificing operational excellence.
.
– Nathan Myrold, Senior Director of Cybersecurity, Stanley Black & Decker Inc.
– Phil Davis, Senior Solutions Architect, Elisity
.

More and more asset owners are jumping on the “red team” bandwagon, convinced they need an internal offensive security program for their OT environments. But do they really? In this blunt and practical talk, we’ll challenge the assumptions that lead organizations down this high-risk, low-reward path without the foundational controls to support it. We’ll unpack the common misconceptions, like thinking OT networks can even be “tested” like IT. Along the way, we’ll expose the blind spots in visibility, the lack of segmentation, and the overconfidence in vendor-supplied protections that make many OT environments unfit for bothering with offensive exercises.
Whether you’re an ICS engineer, CISO, or just trying to make sense of the hype, this talk will help you separate real readiness from risky wishful thinking and offer grounded alternatives for building a resilient OT security program before you bring in the red team.
.
– Johnny Xmas, CISSP, GIAC-GPEN, Global Head of Offensive Security
.

Gaining a clear view of assets is the critical first step, but visibility alone doesn’t prevent breaches, reconfigurations, or operational disruption. As cyberattacks on industrial systems continue to escalate, relying solely on patch lists or post-incident forensics is no longer enough. This session will share practical, low-risk, and non-disruptive strategies that go beyond visibility to achieve real protection. Attendees will learn how to safeguard legacy systems without downtime, apply OT network segmentation to limit exposure, and implement proactive protection strategies that strengthen business continuity.
.
– Debbie Lay, Principal Solutions Engineer, TXOne Networks
.

According to 2025 Zscaler ThreatLabz research, the manufacturing industry has consistently been the single largest target of ransomware attacks. Despite millions spent on traditional security, cyberattackers are compromising factories at record levels. How? Lateral movement.
Join this session and learn:

• How to achieve end-to-end zero trust segmentation without bringing down a single endpoint
• Which legacy security solutions you can now safely remove to reduce cost and sprawl

You’ll gain an actionable strategy to improve uptime and operational safety while massively shrinking the factory attack surface.
.
– Deepak Patel, Senior Director, Product Management OT, Zscaler
.

T1: Conversations Around Building a Cyber Resilient OT Program
.
How can organizations strengthen OT environments against evolving cyber threats while maintaining safety, uptime, and compliance? Join this discussion to hear how industry leaders are rethinking resilience. Explore practical frameworks, lessons learned, and actionable steps to build a robust, adaptive cyber resilience strategy that protects critical operations.
.
– J.D. Perham, Enterprise Solutions Architect, Acronis
.
T2: SAP Security Made Easy: Practical Approaches for Manufacturing Organizations
.
This session will cut through the complexity of SAP security and provide you with actionable strategies to simplify your organization’s security landscape. Learn how to streamline your SAP security operations, reduce risk, and achieve a more secure environment without unnecessary headaches.
.
– Sean Thorne, VP of Customer Success, Onapsis
.
T3: Exploring the Critical Role of Phishing-Resistant Authentication: The Frontline of IT & OT Defense
.
Wondering how to protect legacy, modern and shared systems – while managing third-party risk? Join our interactive session to learn how Schneider Electric and an Asia-Pacific energy leader boosted cyber resilience and advanced Zero Trust and the key steps you can take to minimize exposure to modern threats and secure critical operations.
.
– David Papp, Senior Solutions Engineer, Yubico
.
T4: Inside-Out Security: Protecting Crown Jewels When the Perimeter is Already Breached
.
Federal standards emphasize broad controls such as MFA, EDR, and PAM, but attackers often get inside anyway. What practical “inside-out” methods are peers using to keep their most sensitive systems safe when breaches are inevitable? We’ll provide real-world data on attack patterns to seed discussion.
.
– Keith Casey, Cybersecurity & Identity Strategist, Keystrike
.
T5: Factory Modernization: Are You Really Ready?
.
Developing a comprehensive strategy for modernizing a manufacturing factory can be a real challenge… Upgrading equipment with Industry 4.0 innovations, enhancing worker skills, and streamlining production workflows are all things that need to be considered. All while addressing the financial, regulatory & compliance and security impacts while ensuring alignment with your long-term business goals and investments. Join a candid discussion on the above & more.
.
– Bill Nazario, Principal Consultant, Orange CyberDefense
.
T6: Hardening OT Networks: What’s Worth Securing and Why
.
Not all network segments are created equal. We’ll break down the principles of OT network hardening with a focus on practicality. We’ll discuss where it matters most, what actions provide the biggest risk reduction for the least effort, and how to improve security without halting production or overwhelming your team.
.
– Shannon Friedman, Senior Solutions Engineer, Claroty
.

• With the rise of ransomware and nation-state threats, how can we balance operational continuity with robust cybersecurity controls in our supply chains?
• Where have third-party risk programs fallen short? How can we realign them to include both IT vendors and non-IT vendors?
• How should we rethink risk ownership and accountability in these vendor relationships?
• What frameworks and tools have proved effective in building end-to-end visibility and resilience across physical and digital supply chain nodes?

– Dr. Gabriela Ciocarlie, CTO, CyManII
– Patrick Dunphy, Head of Cybersecurity, Omron Management Center of America
– Michael Spaulding, Sr. Director of IT Operations, Security and Infrastructure Services, Bob Evans Farms
– Zefren Edior, Director of Security Strategy and Risk Management, Fortress
– Albert Rooyakkers, SVP, Partnerships, INTEGRITY Security Services
.