SGF-Cybersecurity Week 2023

Annilisa Arge Klevang

CISO, SEV

Annilisa Arge Klevang is currently holding a job as a CISO in a small energy company with critical infrastructure in the distant and isolated Faroe Islands. Annilisa was originally a nurse 25 years ago and since then holding a Master’s in Software Development, Prince 2 Foundation and Practitioner, CDPSE, CISM, ESL – Examined Security Leader with a special interest in group dynamics and leadership performance. Her path and experience in IT for more than 20 years and 10 years within IT-security make her understand and facilitate changes of habits and culture n the environment, mitigating threats and supporting the strength and resilience of the organization.

Catherine Buhler

CISO, Energy Australia

I am a passionate Cyber Security and Risk Professional with experience in the Manufacturing, Financial Services, Telecommunications, Retail and Government sectors. My expertise spans the development of risk and security strategy and its operational implementation, governance, risk and compliance management and is combined with the successful integration of information security and risk practices into complex multi-stakeholder environments.

Erki Guhse

CISO, Enefit

Erki Guhse, MA in Economics and Entrepreneurship, BSc in Electrical Engineering, ISO/IEC 27001 Lead Auditor, with over 20 years of rich experience in working in relevant field. For the last 5 years, I have been providing project management, risk management, information security, cybersecurity, and business continuity services. I have led projects for implementation of the information security and business continuity systems, started and led an ambassador program for cybersecurity.

Barry Coatesworth

Director and Cybersecurity Leader, Guidehouse

Barry is an internationally recognized cybersecurity expert and advisor with 30+ years’ experience in energy, finance, and public sector working within risk, compliance, and security.

Indrek Kunapuu

CISO, Elektrilevi

Indrek Künnapuu has a background in the Estonian Defence Forces and over ten years of experience in information technology and information security, with in-depth knowledge of implementing and maintaining communication infrastructure in critical services. He is currently the Chief Information Security Officer at Elektrilevi. Elektrilevi is the most significant distribution system operator in Estonia, where Indrek is also a technical advisor on cybersecurity matters involving large-scale IT projects and daily operations. Among other information security projects in Elektrilevi, Indrek is also responsible for implementing an ISMS and a BCMS.

Jeremi Gryka

Deputy CIO/IT Security, PSE

Jeremi helps organizations in ensuring IT/security risk control mechanisms make business sense. With extensive experience in IT and information security mainly in energy sector, financial services and telecoms, hardened in demanding multitasking environments with conflicting priorities, including 10 years in IT audit and management consulting, he is a seasoned manager and coach, having great results in motivating teams to break barriers for maximum performance and success of the projects.

Michael Ring

Information Security Officer (ISO) GFO, TenneT

Michael Ring is an Information Security Officer (ISO) working for TenneT TSO GmbH – one of the leading European grid operators in Germany.

Having brought in his 5+-years expertise as PECB Certified ISO/IEC 27001 Senior Lead Implementer, CISSP and CISM as an internal ambassador for Information Security and Management Systems implementations to date, currently he is driving the transition from an ISO/IEC 27001:2017 and ISO/IEC 27019:2020 compliant Information Security Management System (ISMS) and make it ready for the future.

Michael will share his experiences and the lessions learned from this interesting and exciting journey towards future-proofing existing ISMS implementations.

Michael Knuchel

Head of SAS Engineering, Swissgrid

Michael Knuchel graduated in Electronics Engineering and has a Master at the ETH in Management, Technology and Economics. He is working as Head of Engineering SAS for Swissgrid and is additionally responsible for the Cyber Security Projects in the OT environment. He was Project Manager and one of the Authors of the Cyber Security Framework of Swissgrid for substations. Michael Knuchel has gathered experience in the OT field leading international commissioning teams for Substation Automation Systems for five years for ABB worldwide. He is Chairman of the cyber security task force of the Electricity Industry Association.

Janus Ahrensbach

ICS Security Architect, Energinet

Passionate OT/ICS/SCADA Security architect, dedicated to improving process reliability by increasing security in close collaboration with process engineers, applying knowledge and experience to security solutions to ensure minimal impact to the process and operations. Firm believer in security and compliance needs to go together in order to succeed in protecting our critical infrastructure in today's security landscape.

Sampo Turunen

Secondary Systems Manager, Fingrid

Secondary systems specialist at Fingrid Oyj, the Finnish TSO, focusing on development and specification of substation control and protection systems. In addition to project deliveries, working on substation LAN structure, IEC 61850, engineering tools, remote access, OT cyber security and interfacing between ICT and substation projects.

Olivier Clement

Head of Cyber Security Anticipation & External Affairs, Enedis

Olivier Clément is an energy engineer and holds a master's degree in cybersecurity. After working 5 years in south-East Asia, he joined the French energy sector in 2002 where he held various positions in management. Chief of staff in 2014, then EDF’ representative in West Africa, he developed a systemic and political vision of the energy sector. Since 2020, he has joined the cybersecurity division of Enedis where he is in charge of the anticipation and external relations activities for cybersecurity and follows regulatory developments (NIS2, REC, CRA…). Since 2020, Olivier is active within the team of ENTSOE and EU.DSO for the writing of the NCoCS. Chair of the EU DSO Cybersecurity expert group, he coordinates the work in cybersecurity for the Entity. In France, Olivier is Foreign Trade Adviser for the Government and oversees the coordination in cybersecurity of the bigger energy companies within the CSF-NSE.

Deniz Tugcu

Lead OT Security Specialist, Vattenfall

Lead Senior Principal Security Consultant, trapped first cyber criminals (industry spies) back in 1994 by building his own dual bastion host with a breadcrumb honey net. Created (OT Security) results in various business sectors and companies, ranging from finance, United Nations to Global Renewable Energy. Eclectic and curious, looking for new ways to grow and improve security and the world. Currently piloting “FacOTry” enabling Security Automation and Orchestration, for scalable and efficient defence and operation of OT assets. Lives in Copenhagen, enjoys: running , exploration of craftsmanship (ha-ha. Known by co-workers as the CPH pitbull).

Lead Senior Principal Security Consultant, trapped first cyber criminals (industry spies) back in 1994 by building his own dual bastion host with a breadcrumb honey net.

Shawn McBurnie

Head of IT/OT Security & Compliance, Northland Power

As Head of IT/OT Security & Compliance at Northland Power, Shawn is responsible for leading the company’s global IT and OT cyber security programs while ensuring compliance to applicable critical infrastructure and data protection regulations. He joined in March 2020. Shawn has over 15 years of experience in various IT operational and cyber security roles in the electricity and financial services sectors. He has experience successfully implementing modern security controls in OT environments in both greenfield projects as well as live environments. Prior to Northland Power, Shawn was the lead of the cyber security team at Toronto Hydro – one of the largest electricity distribution companies in Canada. Shawn holds a Master of Science in Cyber Security with Distinction from the University of Liverpool, a Bachelor of Commerce in IT Management from Toronto Metropolitan University, and a Diploma with Honours in Computer Systems Technology from Seneca College. He also holds several certifications including CISSP, ISSAP, CISA, and CDPSE.

Siv Houmb

Senior Adviser, Statnett

Dr. Siv Hilde Houmb has a PhD in cybersecurity and decision theory and more than 25 years’ experience in cybersecurity and critical infrastructure. She has a long and extensive industry background (more than 20 years), and her experience covers risk assessment, security protocols development, attack protection strategies, ethical hacking (penetration testing) and monitoring and surveillance technology for cybersecurity. She has engineered several security protocols and technical security solutions covering hardware, operating systems, applications and communications. She has worked as a security researcher both nationally and internationally and has published more than 50 scientific papers and articles on information security and risk assessment. Dr. Houmb has over the last 10 years focused on cybersecurity challenges for critical infrastructure, including Advanced Persistent Threats (APT) and how they could be used to severely impact a Nation’s core infrastructure.

Ruben Figueiredo

Cyber Security GRC Manager, E-REDES

Rúben Figueiredo has a degree in Economics with expertise in Monetary and Financial Economics and Industrial and Firm Economics from Lisbon School of Economics & Management. Before joining E-REDES in August 2022, Rúben worked as Chief Internal Auditor at OMIClear, the Clearing House and Central Counterparty of the Iberian Energy Market, also with responsibilities for the implementation and development of the information security and business continuity management systems. Rúben is currently Cyber Security GRC Manager at E-REDES and responsible for managing GRC activities, the certified ISMS of the organization and the cybersecurity awareness and training program.

Salim Bouramman

Expert OT Cyber Resilience and Cyber Range, E.ON

Salim Bouramman is an expert in OT-Systems in the power grid sector with more than a decade of experience. He is a consultant for Cyber Resilience in E.ON’s Cyber Security Unit. In his role, he supports the development of resilient operational concept and is a trainer in E.ON’s CyberRange-e. Here he develops and operates the simulated technical energy infrastructure for his trainees and improves their ability to withstand cyber-attacks. Formerly, he was product lifecycle manager for grid protection systems at a German DSO. He was commissioned with the standardization of protection technologies and fundamental issues for the operation and risk assessment of thousands of protection, automation, and control devices.

Greg Blezard

Head of Information Security, ENWL

With a passion and enthusiasm for enterprise architecture design, cyber security, programme management and leadership, I am a highly experienced Chief Technical Officer with expertise in developing secure infrastructure solutions that deliver real and auditable operational improvements in system performance. As a CTO and Senior Programme Manager, I have an in-depth knowledge of developing highly experienced and motivated project teams as well as managing all internal and external stakeholders to ensure that we deliver on time and on budget. I consistently strive to exceed expectations and work with multiple project teams to deliver maximum system security and systems that are operationally robust. I also deliver outstanding professional development and career progression for my teams through effective guidance and mentoring, ensuring that team members become subject matter experts in their own right. As a result of my efforts, I have received a commendation from the Head of the British Army, appointed a Member of the British Empire by HM the Queen and I am regularly asked to brief senior C-level audiences on secure infrastructure and enterprise architecture development.

Luka Mocnik

ICT Infrastructure Architect, Elektro Gorenjska

MSc. Luka Močnik is leading engineer in the field of substation automation in DSO Elektro Gorenjska. He worked in telecommunication industry in the time when telephony was evolving from analog to digital world. More than 10 years ago he left telecommunications and jump into world of power distribution automation. In that time, he also gains MSc degree from power engineering. He uses past experiences in development of Elektro Gorenjska's control centre, substation automation based on IEC61850, digitalisation and development of cyber security. His life motto is: Who Dares Wins.

Tom Jøran Sønstebyseter Rønning

Team Leader of Operational Security, Statnett

Tom Jøran Rønning has 22 years of experience working with infrastructure, the last 10 years of that working with infrastructure security. He is currently at his 7th year working at Statnett, where he is doing unannounced penetration tests. Before starting at Statnett he worked 7 years at Telenor. He has a background as a programmer, and as a red teamer his main focus is writing tools that go undetected, in addition to living off the land by using native applications.

Anjos Nijk

Managing Director, ENCS

Anjos Nijk is Managing Director of the European Network for Cyber security (ENCS). In addition to his duties with ENCS, he is an observer in the Steering Committee of the Smart Grids Task Force of the European Commission, member of cybersecurity EG2 and ENCS liaison with European associations including ENTSO-E, E.DSO and EUTC. He started his career in various international management functions at AT&T and Lucent Technologies and was involved in various innovative start-ups. Anjos holds a degree in Technische Bedrijfskunde (Business Administration and Informatics) at University of Twente, The Netherlands.

Chris Kubecka

CEO, Hypasec

Chris Kubecka is the founder and CEO of HypaSec. Previous Group Leader for AOC, tasked with setting up digital security after the world’s most devastating cyber warfare attack so far, the 2012 Shamoon attacks. Previously, establishing and leading the network and security operations, UK/EU GDPR Privacy Group, joint international intelligence team and Information Protection Group for Aramco Overseas covering EMEA (outside KSA) and South America, part of Saudi Aramco. USAF veteran of multiple humanitarian and combat missions as air crew, US Air Force Space Command with degrees in information technology and computer science. Based in northern Europe, is a member of the Cyber Senate, Artificial Intelligence, subject matter expert panelist and advisor for the European Council of Foreign Relations regarding post Brexit digital security and cyber warfare. An advisor and subject matter expert to several governments and industries on cyber security and incident response for cyber warfare, and recognized expertise in financial, oil and gas, water and nuclear industry digital security.

Suzanne Rijnbergen MBA

Managing Director Cyber Resilience Gallia, Accenture

Suzanne has 15+ years of experience in IT and OT security, leading global technology teams. She combines strong knowledge about the business landscape, threat landscape and latest technology insights. Suzanne has solid experience in both Information Security, Privacy and OT security. Currently she is leading the Cyber Resilience practice for Benelux and France within Accenture. Her experience includes leading projects in the oil & gas, electricity, water, chemicals, nutrition, high-tech, manufacturing, government, and public sectors.

Alex Stefanov

Director, Control Room of the Future

I am leading the research programme on cyber security for power grids at TU Delft and the Cyber Resilient Power Grids (CRPG) team. We are developing power grid digital twins and AI-based, automated cyber security technologies to improve the power system operational resilience to cyber-attacks. I am the Director of the "Control Room of the Future" Technology Centre at TU Delft for cyber security and grid resilience research, development, demonstration and training of CSIRT & grid operators. The "Control Room of the Future" is a unique, future-ready and multi-domain experimental setup used as an innovation hub for the development and demonstration of cyber secure, future-proof power grid technologies.

Ivo Maritz

Senior Adviser Cybersecurity, Maritz Consulting

Ivo is a seasoned Senior Advisor in Cyber Security with over 35 years of experience as an ICT Executive in leading ICT organizations in industry and services with up to a few hundred collaborators reporting to him locally and from around the world, and in successfully running small to very large, complex, local and global IT projects and IT/OT security projects in multicultural environments. Ivo's strengths are the combination of strategic leadership in Information and Communications Technology as well as Cyber Security in IT and OT with people and operations management with the objective to add value to the business by supporting Business Strategies (e.g. Operational Excellence, Enabling New Business) with commonly supported ICT Visions and an ICT Strategy and its sustained Realization including all human, procedural and technical Cyber Security aspects in pragmatic steps with a lean organisation and focused processes.

Janne Hagen

Special Adviser Contingency Planning, NVE

Janne Hagen holds a PhD in information security. She has a long carrier as researcher and advisor on societal security and cyber-security, now working as special advisor on cyber security at the Norwegian Water Resources and Energy Directorate (NVE) and associate professor at the University of Oslo.

Massimo Rocca

Board Member, EE-ISAC

I started my profession as IT security engineer back in the nineties in the middle of the "new economy" epoc. Thanks to the burst of computer security in 2k, I had the chance to change many roles and understand the organisation, challenges and vulnerabilities of different businesses. In the last 13 years I covered managerial positions in the fields of security and cyber security risk management, crisis management, information - plants and people protection within Enel Group, ensuring uniform application of corporate policies, improving the efficiency of processes and anti-fraud controls, monitoring the trends of global threats, energy sectorial regulation & technical standards, data protection and critical infrastructure compliance. I also keep constant relations with Authorities, Institutions, solution providers and utilities at national and international level, with the aim to build a network of security experts in the field of energy.

Isabell Neise

Head of Business Development, UNISS

Isabell Neise is the head of business development and marketing of the Institute for Security and Safety at the Brandenburg University for Applied Sciences. She holds a PHD in Communication Studies and worked as a researcher for several years. At the Institute for Security and Safety she is in charge of the strategic development of new products, sales and marketing. Moreover, she conducts Workshops and Trainings with an emphasis on OT-Security and Cyber Security Awareness. Her main objective in the field of Cyber Security is how cyber security can be communicated effectively to different stakeholders, in order to build a security culture, reduce barriers and built trust within organizations.

Andy Bochman

Senior Grid Strategist, Idaho National Laboratory

Andy provides strategic guidance on topics at the intersection of grid security and climate resilience and adaption to senior U.S. and international government and industry leaders. A Non-Resident Senior Fellow at the Atlantic Council’s Global Energy Center, in 2021 he published his first book: Countering Cyber Sabotage: Introducing Consequence-based Cyber-Informed Engineering. Andy began his career as a comms officer in the US Air Force, and prior to joining INL was a Senior Advisor at the Chertoff Group and the Energy Security Lead at IBM. Mr. Bochman received a BS from the U.S. Air Force Academy and an MA in Biology & Environmental Management from Harvard University.

Leandros Maglaras

Professor of Cybersecurity, De Montfort University

Dr. Leandros A. Maglaras is a Professor of cybersecurity at the School of Computer Science and Informatics of De Montfort University. From September 2017 to November 2019, he was the Director of the National Cyber Security Authority of Greece. He obtained a B.Sc. (M.Sc. equivalent) in Electrical and Computer Engineering from the Aristotle University of Thessaloniki, Greece in 1998, an M.Sc. in Industrial Production and Management from the University of Thessaly in 2004, and an M.Sc. and Ph.D. degrees in Electrical & Computer Engineering from the University of Thessaly, in 2008 and 2014 respectively. In 2018 he was awarded a Ph.D. in Intrusion Detection in SCADA systems from the University of Huddersfield He is featured in Stanford University's list of the world’s Top 2% of scientists. He is a Senior Member of the Institute of Electrical & Electronics Engineers (IEEE) and is an author of more than 200 papers in scientific magazines and conferences.

Laszlo Erdodi

Associate Professor, NTNU

Laszlo Erdodi is Associate Professor at the Norwegian University of Science and Technology (NTNU) and also at the University of Oslo (UiO). He has 15 years of professional experience in ethical hacking and penetration testing including web hacking, exploit development and power-grid security. He is the lecturer of several ethical hacking courses in Bachelor and Master level. His main research fields are reinforcement learning based offensive security, power grid security and also ethical hacking learning platforms. Currently he is the head coach of the ENISA Norwegian students hacking team.

Dmytro Cherkashin

Head of Cybersecurity Development, UNISS

Dmytro Cherkashin holds the master's degree in Nuclear Energy with focus on Security aspects and was assigned for different security related tasks either technical, managerial or consultative for last 13 years. Currently he is working as the Head of Cybersecurity Development for Institute for Security and Safety at the Brandenburg University of Applied Sciences, creating with his team modern approaches for customer-customized security trainings for critical infrastructure sector. Dmytro is also active in consulting nation states to build capacity in cybersecurity sector through the education and advice, being a member of EE-ISAC, IAEA, ITU CoE and other organizations. His topics of priority are OT and Automotive cybersecurity.

Venkatesh Gollapalli

Security Architect, EY

Assist in computer security incident response including monitoring, detection, investigation and lessons learned. Apply appropriate mitigation for identified indicators as needed to adapt to the changing threat landscape. Meeting Executive people to discuss for Cybersecurity solutions and assisting in development of risk metrics for reporting to the senior management of the client. Selecting, designing, and enforcing Cybersecurity Controls to Target levels and supporting the enterprise cyber posture. Adopting and mapping controls to the ISO, NIST, NERC, ISA and other industry frameworks to the ICS Cybersecurity projects and recommending to the clients as per their industry requirements. Reviewing the ICS Cybersecurity practices according to IEC-62443, NIST CSF, NIST SP 800-53, NIST SP 800-82. DeltaV Firewalls configuration with respect to the Emerson best practices. Rebuilt of all ICSS Security policies and helped deploy an acceptable use of technology agreement for all the ICSS Operators. Build and manage an ICSS Cyber security education and awareness program for the ICSS Operations and other team members, Group policies updating for ICSS system and creation of network architecture.

Kristian Alsing

Cybersecurity Executive, Independent

Kristian has developed cyber security and resilience capabilities for 20 years. He is a business-driven leader, with experience in end-to-end security solutions; delivery and operations across a variety of highly regulated industry sectors. Last two years he’s driven transformative security programmes in an energy, utilities and natural resources cyber business in a major global Systems Integrator and consultancy. Here he covered cyber transformation, MSS and consulting including in most areas of the smart grid. Kristian blogs and speaks on a variety of cyber topics. Kristian holds a number of security certifications, a Master’s and Bachelors in Business Studies/ Comms. and a Diploma in BCM. He has spent 12 years freelancing in music journalism.

Stephan Beirer

Team Manager ICS/OT Security, GAI NetConsult

Dr Stephan Beirer worked for several years as a freelance network administrator and security consultant during his studies and doctorate in physics. In 2006 he joined GAI NetConsult GmbH as a Principal Consultant and Team Leader for ICS/OT Security. He advises industrial and energy supply companies, trade associations and manufacturers on the creation of organisational and technical security guidelines and on the design and implementation of security measures. Further focal points are the implementation of information security management according to ISO/IEC 27001 and IEC 62443.

He is active in several international standardisation on IT security topics in the process technology sector, most recently as project editor at DIN and ISO/IEC SC27 for the International Standard ISO/IEC 27019. He is certified as "Lead Auditor ISO/IEC 27001" and is a member of the BDEW working group "IT Security in the Energy and Water Industry" as well as the standardisation committees DIN NA 043-01-27 AA "IT Security Procedures", DKE/AK 952. 0.15 "Information security in network and station control technology" and ISO/IEC JTC 1 SC27 WG 1 "Information security management systems".

Aurelio Blanquet

Secretary General, EE-ISAC

Aurelio Blanquet has an MBA degree and is an Electrotechnical Engineer with a specialization in Systems Automation. Since September 2021 he is Secretary General of EE-ISAC, the European Energy Information Sharing & Analysis Centre. Until 2021 he was Board Advisor at E-Redes, the Portuguese DSO, and from 2007 was Director of Energy Networks Digital Platform at EDP Distribuição, being responsible for the Critical OT Strategy and Roadmap, including SCADA, SAS, HV/MV Smart Grid Automation, Telecommunications and Cybersecurity. Besides his duties with EE-ISAC he is active in the EUTC - European Utilities Telecom Council as Honorary Member. He is also member of the WEF - World Economic Forum. Throughout his professional career he assumed several roles and responsibilities in European entities: · Chair of the Assembly Committee and General Assembly of ENCS - European Network for Cyber Security · Vice-Chair of EUTC - European Utilities Telecom Council · Principal Director at Prime Alliance · Head of the Portuguese National Secretariat of Cired - International Conference on Electricity Distribution · Participant of several digital initiatives promoted by the CCE - Conseil de Coopération Économique

Tomasz Wysztygiel

Cybersecurity Manager, EY OT/IOT Hub

Tomasz is an experienced cybersecurity engineer with hands-on experience in OT cybersecurity.

Leader of OT Active Defense services at EY OT/IoT Hub. Leads the team of engineers specialized in penetration tests of industrial environments and IoT/OT devices (including Advanced Metering Infrastructure), and supports clients in building security foundations and capabilities to actively respond to cybersecurity threats.

Before, he was cybersecurity specialist in the government's CSIRT, where he was primarily responsible for the securing of critical infrastructure, malware analysis and IT/OT Incident Response.

Tomasz holds a Master's degree in Electrical Engineering and various cybersecurity certificates including CISSP, CEH, GRID.

Lukasz Kisielewski

Manager OT/ICS, Accenture

Lukasz Kisielewski is a consultant with 10+ years of experience in the OT field. He dedicated the last six years to security. His engineering background combined with security expertise and knowledge of a wide range of industries is his main advantage. He gained experience in assessments, the creation of OT security strategies, as well as the delivery of complete security programs. Lukasz advocates inclusion and diversity in the workplace and wider community. He also enjoys giving back to the community as an active member of ISSA Poland.

Speaker Line-Up