Conference Schedule

November 15 - 17, 2022  |  Virtual

Schedule as of September 30, 2022

All times are in EST

Day One | Physical Security & Resilience 

Tuesday, November 15, 2022

12:30 PM - 1:15 PM

Welcoming Remarks & Main Stage Speaker

1:15 PM - 2:15 PM


Physical Security Threats to Water and Wastewater Systems

Water utilities continue to face an increasingly complex physical threat environment. Join a panel of experts as they provide an overview of the threats posed by different malicious actors, from domestic violent extremists and foreign terrorist organizations to common criminals and insiders.


  • Andy Jabbour | Co-founder and Managing Director, Gate 15



  • Angie Gad | Alethea Group

  • Alec Davison | All-Hazards Risk Analyst, WaterISAC

  • Bridget Johnson | Managing Editor, Homeland Security Today

  • Luke Citro | Intelligence Analyst, Federal Bureau of Investigation

2:15 PM - 2:30 PM


2:30 PM - 3:30 PM


Reducing Physical Security Risks: Solutions for Utilities

All utilities face similar threats while providing a critical service to their communities. Join industry emergency management and security practitioners as they detail solutions that can be implemented to face those challenges.


  • Steve Bieber | Water Resources Program Director,
    Metropolitan Washington Council of Governments, and 
    President, InfraGard National Capital Region 



  • Eric Hatcher | Senior Emergency Preparedness Specialist, AECOM

3:30 PM - 4:30 PM


Responding to Climate Change and Natural Disasters: Lessons from Australia and Canada

Every utility has had to adapt to evolving situations and learn from past events. Listen to water sector experts from Australia and Canada as they share natural disaster preparedness and response insights and discuss climate change impacts and adaptation


  • Chuck Egli | Director of Preparedness and Response, WaterISAC 



  • Stephen MacCarthy | Manager of Corporate Security, Water Corporation, Australia

4:30 PM - 5:00 PM

Closing Remarks

Day Two | Cybersecurity - Something for Everyone 

Wednesday, November 16, 2022

12:30 - 1:15 PM

Welcome Remarks & Main Stage Speaker

1:15 PM - 1:45 PM


Back to the Basics: A to Z on Cybersecurity

Best practices and advice on cybersecurity for utilities and their employees.  Understanding and how to use the resources provided by agencies, associations, and industry partners.

Final touches being put on speakers.

1:45 PM - 2:15 PM


Cybersecurity Financial Risks and Insurance – You Can Offset Some Risks, But Not All

From salaries and equipment replacement, to ransom demands, losses due to downtime, and much more, restoring systems and operations after a cyber attack can be expensive. While cyber insurance can help, it’s important to understand the exclusions and what your policy won’t help you recover.

Final touches being put on speakers.

2:15 PM - 2:30 PM


2:30 PM - 3:30 PM


Cybersecurity Culture and Leadership: Observations from the Field

To have a strong cybersecurity program, utilities need a pervasive cyber culture and an engaged leader.  Fortunately, leadership in cybersecurity can take many forms and be effective.


  • Andrew Hildick-Smith | OT Security Lead, WaterISAC 



  • Peter Hunt | Chief Information Officer, Boston Water and Sewer Commision

  • Bryon Black | Information Technology Manager, South Coast Water District, Calif.

  • Bill Fitzgerald | Director, Department of Public Works, Avon, Massachusetts

3:30 PM - 3:45 PM


3:45 PM - 5:30 PM

TTX on Cybersecurity*

*Additional registration will be required. There is no fee for already registered H2OSecCon Attendees.

Day Three | Pick Your Track*

*Day three will open with remarks from Eric Goldstein for both Track I and Track II, then you can pick your track.  

  • TRACK I: Cybersecurity - Taking it Up a Notch, Slightly More Technical

  • TRACK II: Physical Security - Round Two and TTX

Thursday, November 17, 2022

12:30 PM - 1 PM

Welcoming & Remarks

Eric Goldstein | Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA)

Track 1

Cybersecurity - Taking it Up a Notch, Slightly More Technical

1 PM - 1:45 PM


ICS/OT Threat Hunting – Find Them Before They Do Harm

A compromised ICS/OT/SCADA system threatens safety. U.S. water and wastewater utilities can’t afford to wait for an alarm to investigate an anomaly that could threaten safety. Utilities must be proactive and find threat actors lurking in our ICS/OT/SCADA networks before they compromise the critical systems that Americans rely on.

Final touches being put on speakers.

1:45 PM - 2:30 PM


MITRE ATT&CK® Framework for Industrial Control Systems – Common Knowledge for Communicating Malicious Behaviors

The MITRE ATT&CK® Framework provides a repository of common terminology for network defenders to communicate about real-world attacks. ATT&CK® for Industrial Control Systems builds on ATT&CK® by describing specific post-compromise actions and behaviors unique to attacks on ICS environments.


Otis Alexander | Principal Cyber Security Engineer, MITRE

2:30 PM - 2:45 PM


2:45 PM - 3:30 PM


Secure Remote Access for ICS/OT/SCADA – When You Absolutely, Positively Can’t Live Without It

While it’s preferable to prohibit remote access into an OT network, that’s often not the practical choice. For those times when you absolutely, positively need remote access, learn pragmatic, low-cost methods for doing it securely and about the risks when you don’t.


Gus Serino | Principal ICS Security Analyst, Dragos

3:30 PM - 4:15 PM


The Importance of ICS/OT Monitoring – Just Because We Can’t See Them, Doesn’t Mean They Aren’t There

Presently, we have much more visibility on our IT networks, but threat actors aren’t just attacking IT. In order to know who is after our OT environments, we need better visibility into them.


Michael Toecker | Cybersecurity Advisor, Department of Energy (DOE)

Track II

Physical Security - Round Two and TTX

1 PM - 2 PM


Final touches being put on speakers.

2 PM - 2:15 PM


2:15 PM - 4:15 PM

TTX on Physical Security*

*Additional registration will be required. There is no fee for already registered H2OSecCon Attendees.

4:15 PM - 4:30 PM

Closing Remarks