Cosmin Anghel

Digital Forensic Analyst and Incident Responder at SecureWorks

Cosmin Anghel is a cyber security professional with 10 years experience in the field, currently leading a Secureworks team which is covering multiple services from TI to Incident Response into the fight against cyber attackers.

Before that, he held the position of Incident Response Manager within UTI Cert, founded by certSIGN SA and a long time ago, in a galaxy far, far away, for 4 years he worked as a cyber security expert within National Cyberint Center with responsibilities in identification and investigation of APTs campaigns and cyber-crime ecosystem.

As a professional who is dedicated to the Cyber Security field, Cosmin strives to promote a culture for continual self-improvement. He attends security conferences/training courses and stays abreast of the latest security trends.

Back to the future: how to respond to threats against ICS environments.

Cyber security is becoming more and more complex and security professionals have new concerns every day. We need to defend a larger attack surface which is expanded by ICS environments.

Indeed, threats to control systems have been a reality for years now and real world cyber attacks against them have been observed.
The ICS assets are running critical functions and they cannot support downtimes or common cyber defense techniques.

They need special approach for incidents mitigation. So, how can we investigate an incident from an ICS network? What tools should we use? What can we find in network packages for traffic between a PLC and a HMI? What…? We have a lot of questions.

We propose to answer those questions together during our presentation. We will explain the inner workings of the Incident Response approach in ICS networks and show the new capabilities that were developed to offer visibility in such environments.

This presentation is co-presented with Ionut Georgescu, Security Operations Manager at SecureWorks

Presentation @DefCamp 2018