Introduction to ICS/SCADA Cybersecurity Workshop by EC-Council
Monday, June 2, 2025
Location: Chicago Conference Center
205 West Wacker Drive
Chicago, Illinois, 60605
Instructor
Kevin Cardwell
President
Cyber2Labs
Workshop Agenda
Note: Subject to change
Overview of ICS/SCADA Systems
What are ICS/SCADA systems?
Common components: PLCs, RTUs, HMIs, etc.
Industrial protocols: Modbus, DNP3, IEC 61850
Differences between IT and OT environments
Standards & Regulations (NIST 800-82, IEC 62443, NERC CIP)
Hands-On:
Network scanning & asset discovery in a simulated ICS environment
Cybersecurity Challenges in ICS/SCADA
Unique vulnerabilities and attack vectors
Consequences of cyberattacks on critical infrastructure
Attack techniques (MITRE ATT&CK for ICS)
Case studies: Stuxnet, Triton, Industroyer
Hands-On:
Traffic capture & analysis using Wireshark
ICS Network Security & Segmentation
Best practices for implementing DMZs and security zones
Configuring firewalls
Intrusion Detection & Prevention in ICS/SCADA
Hands-On:
Configuring an ICS firewall & network segmentation
Setting up and configuring IDS/IPS for ICS protocols
Analyzing network traffic for anomalies
Demonstrating the detection of common ICS attacks
Hands-On:
Log analysis & detecting unauthorized Modbus commands
Protocol Analysis and Monitoring
Using Wireshark or similar tools to capture and analyze ICS protocol traffic
Identifying suspicious communication patterns
Setting up alerts for specific protocol events
Intrusion Detection & Prevention in ICS/SCADA
Defending against unauthorized access
Hands-On:
Deploying Snort/Suricata for ICS network monitoring
Securing ICS/SCADA Environments
Hardening ICS devices & protocols
Securing PLCs
Risk assessment & resilience planning
Hands-On:
Securing ICS endpoints
Incident Response and Recovery
Developing incident response procedures
Communication and coordination
Incident response framework for ICS breaches
Log analysis & anomaly detection
Hands-On:
Investigating an ICS breach scenario
Kevin Cardwell is the President and co‑founder of Cyber2Labs. He has more than three decades of technical leadership in cyber offense and defense, including 22 years in the U.S. Navy as a software and systems engineer, leading a five‑person DoD Red Team to a 100% success rate over six consecutive years. He subsequently served for six years as the Leading Chief of Information Security at the Network Operations and Security Center in the Norwegian Sea and Atlantic Ocean before retiring to build Cyber2Labs alongside partner Wayne Burke.
Since then, he has conducted over 500 security assessments worldwide, developed the strategy and training plan for Oman’s first Government CERT and its inaugural commercial Security Operations Center, and provided consulting and bespoke training to governments, financial institutions and Fortune‑level companies across the Middle East, Africa, Europe and the UK. A prolific author and instructor, Kevin has written and edited multiple courses and books on penetration testing, network defense, SCADA security and computer forensics, has presented at Black Hat USA, Hacker Halted and ISSA, and holds a B.S. in Computer Science, an M.S. in Software Engineering and a suite of certifications including CEH, ECSA, LPT, APT, CTIA and CHFI.