Joel Langill is The SCADAhacker.  His expertise was developed over more than 25 years through in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade and remediation in a variety of roles covering manufacturing of consumer products, oil and gas including petroleum refining, automation solution sales and development, and system engineering.  His employers include major companies such as General Electric, Shell Oil Company, Honeywell Process Solutions, and ENGlobal Automation, offering him a rare and insightful expertise in the risks and mitigation of cyber vulnerabilities in industrial control systems.

Joel's unique approach to security emphasizes the processes and people used to implement security programs, rather than relying solely on technology or "products".  The best strategy for comprehensive security balances People, Processes and Products.   His perspective has been sought and cited by numerous industry publications focused on both industrial automation and information security.  Most recently he has played a central role in the analysis and implications of the Stuxnet worm, including new methods of mitigating current and future attacks on critical infrastructure. 

In 2010 and 2011 prior to launching his own training curriculum, Joel served as the lead boot-camp instructor for InfoSec Institute's SCADA Security course. He is the Director of Critical Infrastructure and SCADA representative for the Cyber Security Forum Initiative, where he was a lead contributor to a report on the use of could in cyber warfare.  He is a Certified Ethical Hacker, Certified Penetration Test, Cisco Certified Network Associate, and TÜV Functional Safety Engineer.  Joel is also a proud member of the Milwaukee Chapter of InfraGard.

Joel blogs on evaluation and security of SCADA and other industrial control systems, and is also a guest blogger with Byres Security.   References are available upon request. Google references available by entering “joel langill cyber security stuxnet”   

• "Is Stuxnet Dead? A Look at Cyber Security and Industrial Control Systems", Flow Control, January 2012
• “Stuxnet Video: Mitigation Strategy Outlined”, ISSSource.com, December 2010
• “Stuxnet Mitigation: Defense in Depth Needed”, ISSSource.com, November 2010
• “Cyber Defenders, Attackers Probe Stuxnet’s Secrets”, Reuters, October 2010
• “Stuxnet worm: Private security experts want US to tell them more”, Christian Science Monitor (CSMonitor.com), September, 2010
• “Stuxnet: Best Practice to Secure Industrial Control Systems”, Industrial Ethernet Book, November 2010
• “Stuxnet: Plan Needed for Prevention, Mitigation”, ISSSource.com, September 2010
• “Stuxnet is a ‘Weapon’”, ISSSource.com, September 2010
• “Control Systems, Oh No … Not Again!”, ControlGlobal.com, April 2010
• “Proper Planning Minimizes Automation Project Risk”, Control Engineering, September 2009
• “Effective Communications Help Integration Projects Success”, Control Engineering, April 2009

• "Network Architecture & Active Directory Considerations for the PI System", OSIsoft vCampus Live, San Francisco, CA, November 2011
• "How Stuxnet Spreads", OSIsoft vCampus Live, San Francisco, CA, November 2011
• "A Look at the Real Cyber Security Risk to ICS", SMI Oil & Gas Cyber Security Forum, London, UK, November 2011
• "Implementing a Network Behavior-based Intrusion Detection System for Control System Networks", Industrial Control Systems Joint Working Group (US-DHS, CSSP), Long Beach, CA, October 2011
• "Control Systems Under Attack: Why we need cyber security", Congress on Audit Effectiveness, Bogota, Columbia, October 2011
• "A Look at the Real Cyber Security Risks to ICS: Critical Infrastructure, Control Systems and the Next Generation of Cyber Attacks", Digitware Security Trends Meeting, Bogota, Columbia, October 2011
• "A Look at the Real Cyber Security Risks to ICS: Control Systems and the Next Generation of Cyber Attacks", PI North America General Assembly, Scottsdale, October 2011
• "Preparing for Stuxnet II: Control Systems and the Next Generation of Cyber Attacks", SCADA [in]Security, Malaysia, July 2011
• "A Stuxnet Primer: Understanding the technology behind the world's most sophisticated cyber worm", SCADA [in]Security, Malaysia, July 2011
• "Think Like a Hacker", SCADA [in]Security, Malaysia, July 2011
• "Implementing a Network Behavior-based Intrusion Detection System for Control System Networks", Siemens Automation Summit, Orlando, June 2011  (View Webcast)
  
• "How Stuxnet Spreads - A Look at Infection Paths in Best Practice Systems", Siemens Automation Summit, Orlando, June 2011  (View Webcast)
  
• "Preparing for Stuxnet II: Is your infrastructure safe?", Cyber Defense: Analyzing Global Cyber Threats, Istanbul, Turkey, May 2011 
  
• "Preparing for Stuxnet II: Is your refinery safe?", Central States Refining Conference, Hollister, MO, May 2011
  
• "How Stuxnet Spreads - A Look at Infection Paths in Best Practice Systems", Industrial Control Systems Joint Working Group (US-DHS, CSSP), Dallas, TX, May 2011
• "Exploitation 101: Turning a SCADA Vulnerability into a Successful Attack", Industrial Control Systems Joint Working Group (US-DHS, CSSP), Dallas, TX, May 2011  (View Demo)
• "How Stuxnet Spreads - A Brief Look at Infection Paths in Best Practice Systems", Mile High Industrial Automation Conference, March 2011
  
• “Defense-in-Depth Strategies for Open, Secure Remote Access to Control Systems Networks”, Industrial Control Systems Joint Working Group (US-DHS, CSSP), October 2010
• “Incorporating Cyber Security into the Execution Methodology of Automation Projects”, ISA Automation Week, October 2010 (paper)
• “Providing Secure, Remote Connections to an Analyzer Network”, Siemens 2010 Automation Summit, June 2010
• “Incorporating Cyber Security into the Execution Methodology of Automation Projects”, 53rd Annual ISA Power Industry Division Symposium, June 2010 (paper)
• “Securing the Analyzer Network – Working with OPC-ADI”, 55th Annual Symposium of the ISA Analysis Division, April 2010 (paper)
• “An Introduction to the ISA-99 Standards: Cyber Security for Industrial Automation and Control Systems”, ISA Edmonton Conference, April 2010
• “Incorporating Cyber Security into your Automation Project’s Execution Methodology”, Industrial Control Systems Joint Working Group (US-DHS, CSSP), April 2010
• “Security for Industrial Automation & Control Systems”, Mile-High Industrial & Automation Conference, April 2010
• “Security for Industrial Automation and Control Systems: An Introduction to ISA-99”, Siemens Answers for Industry Seminar, October 2009
• “Developing Your Own Cyber Security Management System”, Siemens Answers for Industry Seminar, July 2009
• “Implementing a High-Resolution Time Synchronization Solution”, Yokogawa User Conference, May 2009

• ISA-84 Standard Committee, “Process Safety”, Information Member
• ISA-87 Standard Committee, “In-Line Sensors”, Information Member
• ISA-99 Standard Committee, “Security for Industrial Automation and Control Systems”, Voting Member
• Industrial Control System Joint Working Group (ICSJWG), U.S. Dept. of Homeland Security (DHS), Control System Security Program (CSSP) - Workforce Development & Vendor work groups
• InfraGard - member Milwaukee Chapter

Subscribe to RSS headline updates from:
Powered by FeedBurner

Thanks to LogoUp.com for the embroidered polo shirts.

Coming Soon ... SCADAhacker logo merchandise from LogoUp.com !!!