July 14, 2018
BSides Springfield Conference
Revolutionary Security is proud to be a sponsor of the BSides Springfield 2018 information security conference being held July 14, 2018. In addition, Revolutionary Security Director Jason Holcomb will be presenting.
The presentation, Do No Harm: Low Impact Testing & Assessment Techniques for Highly Sensitive Environments, will discuss why “This environment is too sensitive” should not be an excuse for failing to understand attack surface and overall security posture and, if anything, may be an indicator that a thorough examination is warranted to understand potential risks. But how do you test or assess a network or system that is potentially fragile and where interruption or downtime comes with a serious price tag that can even include health, safety, and environmental risks? There are many examples of negative assessment side effects, including:
- A map scan with default flags forces a shutdown of a critical industrial controller
- A simple vulnerability scan saturates a network segment causing an outage for a SCADA system
- An aggressive vulnerability scan overwrites data in a poorly configured database
Beyond just the technology interruption, all these examples come with a potentially serious operational impact. In this presentation we will examine tools and techniques to help effectively understand architectural weaknesses, technical vulnerabilities, and attack surface in a “do no harm” approach. The tools and techniques covered represent an accumulation of proven methods developed over ten years of performing assessments in critical infrastructure industrial environments including electric, nuclear, oil and gas, chemical and other production environments.
January 15, 2018
S4x18 – ICS Security Conference
Revolutionary Security Director Jason Holcomb will be presenting and moderating technical sessions at the S4x18 – ICS Security Conference being held in Miami on 16 – 19 January. Digital Bond’s S4x18 is one of the world’s largest and most advanced ICS Cyber Security events. The event will feature leading/bleeding edge content and top experts in ICS Security. Jason will be presenting on the main stage, sharing a personal story that will challenge the ICS security community to continue advancing and challenging their thinking.
Jason leads Revolutionary Security’s Industrial Control Systems Security practice. He has been actively involved in helping secure SCADA, DCS, IIoT, and other operations technology since the early 2000s, spending the first 10 years of his career working for a utility asset owner. In addition to utility expertise, Jason has led industrial control system security efforts in the oil and gas, chemical, and manufacturing industries.
January 16 – 19, 2018
November 1, 2017
Revolutionary Security’s Rich Mahler Gives Testimony on Cyber Security Issues to the New York State Senate
Rich Mahler, Vice President at Revolutionary Security, was invited to provide written testimony and appear before the New York State Senate on October 24, 2017, to discuss cyber security issues affecting New York. Mr. Mahler spoke to the Senate Standing Committee on Investigations and Government Operations, together with the Senate Standing Committee on Veterans, Homeland Security and Military Affairs. Mr. Mahler’s testimony had a particular emphasis on the complexity of the cyber security regulatory environment, threats to the Industrial Control Systems (ICS) or Industrial Internet of Things (IIoT) landscape, and steps NY can take to address the critical shortage of qualified cyber security professionals.
To view Mr. Mahler’s written testimony, click here.
To watch Mr. Mahler at the hearing, click here.
For the full hearing video, click here.
May 3, 2017
Bucks County Bar Association Event: Managing Cyber Risk for Law Firms
Revolutionary Security Vice President Rich Mahler To Present On Managing Cyber Risk for Law Firms
Revolutionary Security Vice President Rich Mahler will be presenting at The Bucks County Bar Association on May 3 in Doylestown, PA. The presentation, Managing Cyber Risk for Law Firms, will provide an overview of the threat environment and adversary motivations and the risks posed to law firms. It will include a discussion on both professional and ethical requirements relating to security and how to effectively assess and mitigate risks and turn a law firm’s security program into a business strength.
May 2, 2017
Beacon Sponsored Event: Leadership Lessons Learned from the Military
Revolutionary Security Vice President Rick Cline On Panel To Discuss Leadership Lessons Learned from the Military
Revolutionary Security Vice President Rick Cline will join fellow former Military Leaders as they share their experiences in transferring tools and strategies that served them well in the military to Corporate America with impressive results. The panel discussion, Leadership Lessons Learned from the Military, will be held 2 May at the offices of CCI Consulting in Blue Bell, PA. The event was organized by Beacon, a professional development and networking organization in the Mid-Atlantic region. The moderator for the panel will be Maria Baseggio, a Beacon member, and President of SAGE Insights, LLC.
April 3, 2017
Industrial Control Systems Joint Working Group (ICSJWG) 2017 Spring Meeting
Revolutionary Security On Panel At Industrial Control Systems Joint Working Group (ICSJWG) Spring Meeting
Revolutionary Security Director Jason Holcomb will join fellow ICS security experts for a panel discussion at the Industrial Control Systems Joint Working Group (ICSJWG) Spring Meeting being held in Minneapolis, MN on 11 – 13 April. The panel discussion, Ask the Experts: Evaluating Attack Surface Across Network Enclaves; OT, IT, PACs, will focus on the importance of third party security assessments across all ICS asset owner enclaves (Information Technology, Operational Technology, and Physical).
Jason will be joined by a distinguished panel including Dario Lobozzo of Guidepost Solutions and an expert consultant in cyber, physical and technical security design; Michael Toecker of Context Industrial Security and representative of the asset owner community; and Reid Wightman of RevICS Security and expert in ICS software and hardware validation research. The panel will be moderated by Brian Proctor from SecurityMatters.
April 11 – 13, 2017
March 24, 2017
Revolutionary Security Director Jason Holcomb will be presenting at the BSides Oklahoma information security conference being held at the Glenpool Conference Center on 24 March. The presentation, How did that get there? The ICS attack surface you may be missing, will focus on attack opportunities lurking in many industrial control system environments.
How did that get there? The ICS attack surface you may be missing. With media attention and the advent of IIoT, awareness of control system vulnerabilities is arguably at an all-time high. What you may not be aware of, however, are the lesser known technologies and attack opportunities lurking in many industrial control environments. While you’ve probably heard about fragile IP stacks in embedded devices, unpatched Windows, and rampant MS08-067 in ICS, the story doesn’t end there. In this presentation, we’ll examine overlooked and often undiscovered attack surface based on a decade of ICS assessment and testing experience in the oil and gas, electric power, and manufacturing industries.
February 9, 2017
Revolutionary Security Forms Strategic Partnership and Receives Investment from Guidepost Solutions
Revolutionary Security LLC, a full service cyber security firm, announced that it formed a strategic partnership with Guidepost Solutions LLC, a global leader in compliance, investigations, risk management and physical security consulting. Revolutionary Security is led by the founders of the commercial cyber security division from one of the world’s largest defense contractors. This strategic partnership enables Revolutionary Security and Guidepost Solutions to offer clients a wide-ranging suite of cyber security solutions and consulting services. Guidepost Solutions also acquired an equity stake in Revolutionary Security.
This new partnership enables clients to leverage comprehensive threat, risk and vulnerability management services to protect against a full spectrum of cyber and physical security issues. These innovative capabilities are specifically designed to improve cyber defense capabilities and prevent or remediate any incidents when they occur. Clients will benefit from a depth of exceptional expertise offered by both firms, as well as a breadth of services that address a broad range of corporate risk mitigation needs.