This presentation is about reasons why you should and shouldn’t conduct a pen test or a purple team exercise, covering some caveats such as why black box testing and nmap should be avoided. Starting off with quick overviews of ICS/OT and its architecture. Explaining why cyber security is so difficult to do within this sector, and then some horror stories seen within the industry.
Gavin Dilworth who has a background in Industrial Automation / Control System Engineering based in Taranaki NZ, shifted towards cyber security due to a finding lack of expertise in the IIoT/SCADA/OT/ICS space, have worked for system interrogators, consulting firms and vendors. Conducted various gap, site, vulnerability and risk assessments benchmarked against industry standards such as NIST and IEC 62443. He has an extensive number of qualifications, including SANS Global Industrial Cyber Security Professional (GICSP) and the GIAC Response and Industrial Defense (GRID) certifications as well as Offensive Security Certified Professional (OSCP).