In this session, OSIsoft shares with industry its innovative approach to visualizing cybersecurity threats. This approach uses Bowtie models to identify potential security issues alongside risk mitigation actions and escalation factors. ICS (Industrial Control Systems) Threat Manager, Bri Rolston will contribute her perspective on the Bowtie approach and how she has used it to visualize and analyze problems in her manufacturing network.
Bri Rolston is the ICS Security Lead for Monsanto Corporation where she works with the supply chain, OT (operational technology), and ICS teams. She also still works occasionally as a Critical Infrastructure Security Researcher for the Idaho National Laboratory (INL). In past lives, she has been a cyber-security researcher, threat manager, security architect, incident response/management guru, code security expert, and liberal arts major. She has worked in a variety of industry sectors including consumer manufacturing, consulting, government, software development, risk management, and cloud services. She has published papers, contributed to security standards, co-authored a pending patent for risk modeling software and is an active participant in the security research community. Recently, though, she has succumbed to the lure of historical cyber incident evaluation and TaxonomyItemHtml cause failure analysis. Her current research includes the expansion of her ATAC threat characterization framework using Bowtie analysis and exploitation of telecommunication systems.
Harry Paul is the Cyber Security Advisor for Customer Services and Support (CSS) at OSIsoft. He works closely with all organizations within CSS to advance the security of OSIsoft’s operations, products and services. Prior to his time with the Cyber Security Advisory Team, he worked in Technical Support as an escalation engineer for OSIsoft's web applications and batch products. Harry has a B.S. in Mechanical Engineering and an M.S. in Computational and Engineering Mechanics from Lehigh University.