Supply Chain Risk

October 28, 2020

The threat to the supply chain involves complex cyber risk from adversary nations who seek to exploit economic imbalances, as well as the indications of short-term stressors that have highlighted the intricate system of interdependencies that global markets demand for success. Nowhere is this more apparent than within the energy sector - an apex critical infrastructure sector upon which our nation has heavily relied for uninterrupted support during this time.

Marty Edwards

Vice President, Operational Technology Security, Tenable

Marty Edwards is a globally recognized Operational Technology (OT) and Industrial Control System (ICS) cybersecurity expert who collaborates with industry, government and academia to raise awareness of the growing security risks impacting critical infrastructure and the need to take steps to mitigate them. As Vice President of Operational Technology Security at Tenable, Edwards works with government and industry leaders throughout the world to broaden understanding and implementation of people, process and technology solutions to reduce their overall cyber risk.

Prior to joining Tenable in 2019, Edwards—a 30‐year industry veteran—served as the Global Director of Education at the International Society of Automation (ISA). While at ISA, he was recognized by his industry peers with the SANS ICS 2019 Lifetime Achievement Award. Prior to ISA, Edwards was the longest‐serving Director of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT).

Edwards also served as a program manager focused on control systems security at the Department of Energy’s (DOE’s) Idaho National Laboratory (INL) and has held a variety of roles in the instrumentation and automation fields. Edwards holds a diploma of technology in Process Control and Industrial Automation (Magna cum Laude) from the British Columbia Institute of Technology (BCIT), and in 2015 received the institute’s Distinguished Alumni Award. In 2016, Edwards was recognized by FCW in its “Federal 100 Awards” as being one of the top IT professionals in the U.S. federal government.

Puesh M. Kumar

Principal Manager, Cybersecurity Engineering and Risk Management, Southern California Edison

Puesh Kumar is the Principal Manager for Cybersecurity Engineering and Risk Management at Southern California Edison (SCE), one of the nation’s largest electric utilities. In this role, Puesh leads a team focused on identifying, mitigating, and managing cybersecurity risks to SCE data and systems, both IT and OT, through a risk-based approach. He also manages SCE’s supply chain cyber risk management program where he works on policy and operational initiatives in conjunction with other parts of the company and government partners.

Prior to SCE, Puesh was a Senior Advisor for Strategy and Policy at the U.S. Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) where he led national-level policies, strategies, and programs to strengthen threat information and supply chain risk management in the U.S. energy sector. While at DOE, he also served as the Director for Preparedness and Exercises where he led a team to develop policies, tools, and capabilities to address cyber, physical, and natural risks and threats to the energy sector. He has worked closely with federal government agencies such as the U.S. Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) and State-level agencies such as governor’s offices, state regulatory agencies, and others to collectively strengthen the security and resilience of the U.S. energy sector.

Previously, Puesh was the Director for Engineering and Operations at the American Public Power Association and Power Systems Engineer at Memphis Light, Gas and Water. He has held leadership positions on both industry and government working groups and committees to help strengthen the security and resilience of the energy sector and recently received the Secretary of Energy’s Excellence Award.

Moderator: Nicholas Andersen

Principal Deputy Assistant Secretary for Cybersecurity, Energy Security, and Emergency Response, U.S. Department of Energy (DOE)

Prior to joining the Department of Energy, Nick Andersen served in the White House Office of Management and Budget (OMB) as the Federal Cybersecurity Lead and Senior Cybersecurity Advisor to the Federal Chief Information Officer, where he led the OMB Cyber Team and was responsible for government-wide cybersecurity policy development and compliance of shared federal security services.

Andersen previously served as Chief Information Security Officer for the State of Vermont, where he was appointed to lead State efforts pertaining to the security and protection of data, security compliance activities, risk reduction, security operations, and threat intelligence.

Prior to this, Andersen was a senior executive and senior intelligence officer serving as the Chief Information Officer for Navy Intelligence and was the Head of the Office of Intelligence, Surveillance, and Reconnaissance Systems and Technologies at the U.S. Coast Guard.  He has served on active duty with the U.S. Marine Corps, managing intelligence mission systems in Iraq, Europe, and Africa; and has led cybersecurity and technology programs worldwide with several leading and emerging companies.

Andersen holds a Bachelor of Science in Information Technology Management and a Master of Science in Information Security and Assurance. He has received awards from the U.S. Navy, U.S. Marine Corps, U.S. Coast Guard, and Intelligence Community.

Andrew Kling

Industry Automation Product Security Officer, Schneider Electric

Andy has over three decades of software development experience, having worked in multiple industries.  He has worked in the R&D organization of Schneider Electric since 2001. Currently, Andy leads the Industry Automation business unit in cybersecurity. At Schneider Electric, Andy has managed many process control engineering teams. As a result of this experience, Andy has ushered the Schneider Electric Development organization to comply with ISA 62443 standards at the process, product, and system levels, achieving several world firsts along the way.

Andy has a Master’s Degree in Software Engineering – Artificial Intelligence from Northeastern University and a Bachelor of Science in Information Sciences from the University of Massachusetts, Lowell. In addition, Andy is a participating Senior member of ISA, primarily contributing to the ISA 62443 cybersecurity standards and the ISA Global Cybersecurity Alliance.

Matt Wyckhouse

Founder & CEO, Finite State

Prior to founding Finite State, Matt spent 15 years leading the research and development of advanced solutions to some of the hardest problems in cyber security, with experience across the spectrum of offensive and defensive cyber operations. Notably, he was the technical founder and CTO of Battelle's Cyber Innovations business unit. Throughout his career, Matt has spearheaded complex national security programs ranging from detection of malicious integrated circuits in the supply chain to next generation intrusion detection systems for low-power embedded systems.  Matt directed numerous intelligence programs related to the security of embedded and IoT devices and has been a speaker on the subject at events around the world.

Finite State was founded to protect the devices that power our modern lives by illuminating the vulnerabilities and threats within their complex software supply chains. We recognize that supply chain security is the #1 problem in cyber security today. Global software supply chains are opaque and complicated, involving countless developers, vendors, and components. Malicious actors exploit supply chain vulnerabilities to gain access to the networks that power our critical infrastructure and can carry out potentially devastating attacks.

Finite State defends these critical devices, networks, and supply chains by leveraging massive data analysis of device firmware and software to provide transparency to device manufacturers and their customers - enabling them to understand and mitigate their risks before they are compromised.
