Speaker

Christopher Walcutt

Chief Security Officer, DirectDefense

Orlando, Florida, United States

Christopher Walcutt is a former network architect with 25 years of experience in security, risk, and compliance leadership. His expertise is predominantly in the energy, utility, smart grid, and manufacturing sectors, specializing in industrial controls architecture, management consulting, and breach and incident handling. He has provided services to a wide variety of enterprise clients, including some of the world’s largest energy, engineering, manufacturing, and water companies, and has advised CISO’s offices and Boards of Directors globally.

Chris served in leadership roles at Constellation Energy, SunGard, and Black & Veatch, where he was responsible for cybersecurity and management consulting for NERC CIP, NRC, smart grid, and NIST compliance.

Area of Expertise

  • Business & Management
  • Energy & Basic Resources
  • Manufacturing & Industrial Materials

Control Systems Under Pressure: Strategies for Running Effective OT Tabletop Exercises

In this session, we’ll explore how to design and execute effective tabletop exercises specifically for OT environments. OT incident response is fundamentally different from IT, and tabletop scenarios must reflect the realities of SCADA architectures, limited staff, tool constraints, and the nuances of OT forensics. This session will present strategies that are pivotal for organizations to maximize the impact and effectiveness of their OT incident response tabletop exercises.

We’ll explore:

1. Designing Realistic OT Tabletop Exercises: How to build injects and flow to effectively test an organization’s OT incident response capabilities, not just documentation. OT tabletop exercises require specific response strategies that are very different from the IT world. Injects must take into account operational limitations and unique OT architecture, from control systems to remote access constraints.

2. Including IT in the Exercise: Some organizations choose to isolate their OT tabletops. Others see the OT to IT data flows as critical business processes and choose to test them together. These data integrations become not only a required resilience component but also a potential attack vector, particularly where custom code or custom-written connectors exist.

3. The Role of Third-Party Vendors: The OT vendor landscape requires organizations to adapt incident response in ways that IT doesn’t. In this part of the session, we'll discuss the proprietary nature of OT hardware and software and the impact that these vendors can have on IR cybersecurity practices.

Insights are drawn from over 25 years of experience handling both IT and OT breaches, offering actionable takeaways to help teams build tabletop exercises that surface real gaps and improve resilience.

Key Takeaways:

- Consider OT business processes and IR tool capabilities as part of exercise design.

- Evaluate the OT to IT data flow so that critical business processes are included in the test. Identify threats to business continuity and attack vectors.

- Understand the roles and risks of third-party vendors in the OT space, particularly special remote access requirements and proprietary administration tools that have the potential to be used nefariously.

Three Cybersecurity Fundamentals for Robust OT Security and Visibility

In this session, I will delve into three crucial aspects of Operational Technology (OT) security. These fundamentals are pivotal for manufacturing organizations in safeguarding their critical infrastructure from evolving cyber threats, ensuring resilience, and achieving operational continuity.

We’ll explore:

1. Network Segmentation for Sustainable Visibility: The traditional belief that an OT firewall sufficiently protects against IT threats is outdated. As the industry's need for data access grows, organizations often poke holes in their OT firewalls, creating vulnerabilities. This session will emphasize the importance of network segmentation within OT firewalls, which provides both visibility and containment capabilities. Attendees will learn why segmentation is essential in reducing the threat landscape and gaining insights into potential attack vectors.

2. Assessing OT Risk for Resilience: Unlike typical IT risk assessments, the focus here is on resilience. Manufacturing organizations must consider the possibility of a malicious actor disrupting critical controllers, leaving no room for recovery. Attendees will gain a broader perspective on assessing risks, aligning them closely with business continuity concerns, and ensuring the continuous functioning of essential facilities.

3. Adapting to Changing Threats: The ever-evolving cybersecurity landscape requires organizations to adapt to new threats continually. In this part of the session, we'll discuss the sophistication of modern threats, the importance of IT and OT collaboration, real-time monitoring, and the significance of education and awareness in ensuring robust cybersecurity practices. This topic includes experience gleaned from 25 years of working IT and OT data breaches.

Key Takeaways:

- Reevaluate Network Segmentation: Attendees should revisit their network segmentation strategies, aligning them with the evolving needs of their operations to strengthen visibility and security.

- Shift to Resilience-Centric Risk Assessment: Recognize the impact of a cybersecurity incident on the continuous functioning of critical facilities, prioritizing business continuity alongside traditional risk assessments.

- Stay Ahead of Evolving Threats: Embrace cybersecurity as a dynamic process. Collaborate between IT and OT, implement continuous monitoring, and educate all staff on cybersecurity best practices to protect critical infrastructure effectively.

Abstract: Threat mitigation and risk management is one of the biggest challenges to the operational resilience of OT network environments in both critical infrastructure and in the commercial and industrial space. The growing need for data from OT environments to drive business decisions through analytics is pushing organizations to compromise traditional rules for protecting these systems
