• Nation-state threats: Given recent examples of nation-state adversaries targeting industrial control systems and critical sectors, what collaborative models between government and private sector show the most promise for deterrence and rapid response?
• Expanding attack surface vs realistic priorities: With hyper-connectivity and digital dependencies accelerating faster than cybersecurity defenses, and adversaries increasingly combining cyber and physical tactics, how should critical infrastructure organizations figure out what to realistically expect and prepare for in the context of their environments and businesses?
• Agentic AI: How are adversaries leveraging agentic AI, and what strategies should defenders adopt to counteract such threats effectively?
• Future preparedness: What are the most urgent steps we must take today – whether in policy, technology, or workforce development – to safeguard national security, economic prosperity, and public safety? How should CISOs of critical infrastructure companies prioritize investments to reduce systemic risk?
.
– Moderator: Tatyana Bolton, Executive Director, Operation Technology Cybersecurity Coalition
– Peter Fletcher, VP, Information Security Officer, H2O America
– Joseph Couture, Regional ISO Americas & CISO United States, Ørsted
– Dylan Coiro, OT Solutions Architect, Darktrace
– Gustavo Arias, Field CTO – Americas, Trellix
– Christopher Trifiletti, FBI (Retired), InfraGard St. Louis
.

Historically, OT cyber monitoring has focused on detecting anomalies in network traffic. While this approach may have sufficed in the past, it now provides only a partial view of the threat landscape, lacking critical context. Organizations collect vast amounts of operational data to optimize efficiency. Combining operational data with cyber data can more effectively identify, validate and profile attacks, offering a richer perspective on vulnerabilities and threats cybersecurity monitoring. Data meshing enables organizations to validate alerts, detect new attack methods, differentiate between operational issues and cyber incidents and improve risk prediction.
.
– Ian Bramson, VP Global Industrial Cybersecurity, Black & Veatch
.

In this fireside chat, we discuss a real-world incident that recently impacted our operations. Join us to hear:
• How the team detected and initially responded to the incident in the early phases
• Lessons learned spanning expertise, collaboration, technology and critical decision-making as they pertain to containment and recovery
• How a critical incident can transform into a catalyst for long-term resilience and stronger security posture
.
– Moderator: John Ballentine , ICS Cybersecurity Program Lead, Port Authority of New York and New Jersey
– Tung Nguyen, Director of Cybersecurity, Denver Water
.

When we talk about asset management, how deep into the network are we going? How do we do discovery without visibility? In this session you will learn about the foundation of OT asset management – a comprehensive automated OT asset inventory – and its major use cases in reducing cyber security vulnerabilities, address the business continuity risk that comes from OT product obsolescence, and leverage standard hardware and software configurations that can be audited easily.
.
– TaVonne Harris, VP Solutions, OTbase
.

Aging systems, limited maintenance windows, and uptime requirements in OT environments make remediation systems complex, while risk increasingly originates inside the plant, not just at the perimeter. This session examines how organizations are moving from vulnerability findings to defensible action by:
.
• Applying quantitative models such as Factor Analysis of Information Risk (FAIR) to prioritize remediation
• Factoring in OT realities – asset criticality, connectivity, downtime cost, and safety impact
• Establishing a repeatable approach to decide when to patch, when compensating controls are sufficient, and when risk acceptance must change
.
– Brian Deken, NA Director, Industrial Cybersecurity Services Rockwell Automation
.

Join this session to delve into the practical efforts to standardize OT environments and enforce enterprise cybersecurity objectives at the site level. Key focus areas include managing cybersecurity authorizations, integrating new equipment, and coordinating site deployments… All while maintaining operational continuity. The discussion provides insight into real-world challenges of harmonizing diverse OT systems and processes, with lessons learned from mergers and acquisitions and strategies for bridging enterprise security policies with on-the-ground execution.
.
– Moderator: Brad Nash, OTCRM SOC Supervisor, ExxonMobil
.

• From knowing to doing: How organizations can move beyond asset visibility and threat detection to actionable OT security
• Operationalizing security: Implementing Zero Trust remote access and real-time data streaming to empower OT teams
• Unlocking OT value: Leveraging secure connectivity to accelerate safe, efficient remote operations and maximize operational efficiency
.
– Mike Carr, Field CTO, XONA
.

Join this session to explore a range of techniques to ensure continuous visibility into all assets and their vulnerabilities, even when assets are not actively communicating. We’ll discuss:
.
• How to identify risk within your asset inventory
• Methods to evaluate existing vulnerabilities
• Viewing risk in context and prioritizing efforts accordingly
.
– Syed Belal, Global Director – OT/ICS Cybersecurity, Octave
.

​Industrial networks are increasingly targeted by sophisticated cyber threats, making traditional perimeter-based security insufficient. Zero-trust architecture, recently highlighted in a CISA advisory as a key strategy for protecting critical infrastructure, assumes no implicit trust within or outside the network. This presentation explores the urgent need for zero-trust in industrial environments, focusing on two essential pillars: zero-trust segmentation—aligned with the IEC62443 zones and conduits model to control lateral movement—and zero-trust remote access, which enforces policy-driven, least-privilege connectivity for remote users. Attendees will learn a practical approach to implementing zero-trust easily and effectively, without disrupting industrial operations.
.
– John Filitz, Product Marketing Manager IIoT Cybersecurity, Cisco

Overseeing both IT and OT security exposes a fundamental truth: security only works when it aligns with how the business actually operates. By prioritizing people and processes before technology, organizations can turn security from a barrier into a shared responsibility and a driver of safer, more resilient operations.
In this session, we reflect on the challenges of unifying IT and OT cultures, overcoming resistance to cybersecurity practices, and making security relevant to frontline teams… And share some lessons learned along the way.
.
– Jim Betzhold, CISO, South Florida Water Management District
.

Security leaders can no longer rely on passive risk awareness or compliance alone. Achieving true resilience requires enhanced visibility, expedited decision-making, and the seamless integration of cybersecurity measures across all levels of the organization. Resilience must be engineered into people, processes, and technologies, creating a security culture that extends from the plant floor to the boardroom.
Frameworks and regulations provide guidance, but true protection comes from operationalizing cybersecurity as a continuous, organization-wide discipline. The winners in this new era are those who turn risk into action: hardening people, processes, and technology against disruption.
In this session, we will share how to transform risk strategy into sustained operational defense—turning visibility into action, and action into resilient, long-term protection.
.
– Carlos Sanchez, Sr Director, OT Solutions, Fortinet
.

Managing patching in OT environments requires balancing system integrity and operational continuity. This session explores the role automation can play patch management, by prioritizing high-risk vulnerabilities. Attendees will also learn alternative strategies, such as network segmentation and compensating controls, for when immediate patching isn’t feasible. Real-world case studies will highlight best practices to enhance resilience and compliance, ensuring robust security in always-on OT environments.
.
– Jason Lee, Portfolio Manager – Cybersecurity Services, Honeywell
.

Credible consequences define the difference between IT & OT defences. We prevent cyber-sabotage differently than we do espionage. Small shoe factories deserve different protections than do passenger metro switching systems. Numerically, IT breaches cause the most OT outages, but OT breaches cause the most serious consequences. OT AI, cloud services and even cloud operations are realities that must be integrated into reasonable safety, reliability and resilience planning. Analog resilience is future-proof but expensive, and network engineering makes digital resilience more deterministic. And more. In this presentation we survey the latest thinking, challenges and solutions for OT security – consequence, credibility, resilience, safety and clouds – in an increasingly connected, increasingly automated, increasingly exposed world.
.
– Andrew Ginter, VP Industrial Security, Waterfall Security
.

T1: From Silos to Systems: Engineering Repeatable Risk Reduction for Cyber-Physical Systems
– Joe Woodwell, Account Manager, Claroty
.
T2: Zero Trust Meets the Plant Floor: Modern Remote Access for OT
– Ananda Debnath, Product Management Director, Delinea
.
T3: Operational Resilience in an Extended OT Supply Chain: How Can We Prepare for the Inevitable?
– Andrew Snell, Principal Solutions Engineer, Mitratech
.
T4: From Security Tool Sprawl to Operational Resilience: Reducing Cyber Risk and Downtime
– Mike Bova, Team Leader Enterprise, Acronis
– J.D. Perham, Solutions Architect, Acronis
.
T5: From Assessment to Action: How Can You Turn OT Security Reviews Into Real-World Outcomes?
– Zachary Rogan, OT Solutions Consultant, ServiceNow
.
T6: You Can’t Prioritize What You Can’t See: Why OT Asset Inventory Still Fails—and What Security Monitoring & Regulations Now Expect
Steven Sletten, Solutions Engineer, Industrial Defender
.

• Reconciling priorities: How can defenders find the right balance between maintaining real-time operational continuity and safety and the extended timelines required to secure legacy systems?
• Integrating disciplines: What practical steps should we take to ensure that safety and cybersecurity are co-engineered, rather than treated as separate disciplines? What has worked for you?
• Risk alignment: How can technical risk assessments be better aligned with stakeholder-specific priorities and operational realities to drive actionable security decisions?
• Collaborative defense: What governance structures, partnerships, or frameworks should we leverage to enable collaborative protection of critical infrastructure? And how can we realistically get there?
.
– Moderator: Keith Campbell, Refining IT Director, Marathon Petroleum
– Dave Bang, Former Senior Trust Advisor: Global Security Awareness, LyondellBasell
– Kristi Cook, Director, Global IT/OT Cyber Security, Peabody
– Beth Letson, Global OT CISO, Indorama Ventures
.