Infobox News01
We have a big experience on evaluating devices and services. We can map the service up to known security frameworks/audit models - ISO2700X, 62443, NIST and NERC CIP etc.
Our contributions to a safer industrial environment, includes finding Zero-days and submission of responsible disclosure notification to leading vendors, Moxa, Siemens /Ruggedcom, Palo Alto, Honeywell, Hirchmann, ATC and others.
A CVE list including the following contributions;
MOXA - CVE-2016-9367 ICS Advisory (ICSA-16-336-02A)
MOXA- CVE-2018-10632 ICS Advisory (ICSA-18-200-04)
PLC (Wago) CVE-2019-10953 ICS Advisory (ICSA-19-106-03)
Honeywell https://www.honeywell.com/en-us/product-security#items_304654820
Many new advisories is in the pipeline to be published, when firmware updates is avaliable…
Background and certifications:
I hold a active CISSP certification and the GIAC Response and Industrial Defense (GRID) + Global Industrial Cyber Security Professional (GICSP) certifications from SANS. Furthermore I am Certified SCADA Security Architect (CSSA) and has achieved a numbers of other international IT-security product related certifications, and has participated in the following educations;
(SANS) ICS410: ICS/SCADA Security Essentials
(SANS) ICS515: ICS Active Defense and Incident Response
(SANS) ICS612: ICS Cybersecurity In-Depth
(DHS/ICS-CERT) ICS Cybersecurity
Certified SCADA Security Architect (CSSA)