Ionut Georgescu

Security Operations Manager at SecureWorks

Ionut is a Security Operations Manager at SecureWorks’ Security Center of Excellence in Bucharest.
He has worked in the security field for more than 4 years and has strong knowledge of Ethical Hacking & Penetration Testing and Incident Response methodologies, along with very good hands-on experience in security testing and active defense.

To fulfill his mission successfully, Ionut also draws on over 10 years of experience in the management and configuration of systems and databases.
His technical skills include systems management & configuration (Unix and Linux), SQL Server & Oracle database management & configuration, and information security (vulnerability scanning and analysis, security auditing, implementation of security standards, etc.).

Back to the future: how to respond to threats against ICS environments.

We need to defend a larger attack surface, expanded by ICS environments.
Indeed, threats to control systems have been a reality for years now, and real-world cyber attacks against them have been observed.
ICS assets run critical functions and cannot tolerate downtime or common cyber defense techniques.
They need a special approach to incident mitigation. So, how can we investigate an incident in an ICS network? What tools should we use? What can we find in network packets for traffic between a PLC and an HMI? What…? We have a lot of questions.
We propose to answer those questions together during our presentation. We will explain the inner workings of the Incident Response approach in ICS networks and show the new capabilities that were developed to offer visibility into such environments.

This presentation is co-presented with Cosmin Anghel, Digital Forensic Analyst and Incident Responder at SecureWorks.

Presentation @DefCamp 2018