Tony

Tony El Haiby

Associate Partner - Cross Competency MEA

IBM

SPEECH TOPIC & SYNOPSIS

OT Security: Understanding OT Security Threats , Challenges & Mitigations

In this talk the speaker will explain the unique security challenges and differences between IT, OT, and why they are converging. He will provide recent examples of OT systems that are prone to compromise in Saudi Arabia, demonstrate how to use OT/IOT hacking tools such as Shodan to conduct reconnaissance and testing on OT and IOT targets in Saudi Arabia. Also, speaker will provide an overview of Shamoom 1, 2, and 3, and explain lessons learned and mitigations. Lastly, he will conclude by discussing the approach to building an OT Security strategy.

BIO

Tony is an experienced information security professional with 14+ years of global experience in the information security field having served multiple sectors: Energy & Utility, Public sector, Financial sector, and Telco; his experience covers a multitude of disciplines and expertise in various information security domains such as strategic information security program implementation, Cyber Defense Center (CDC) build, threat analysis, breach response and incident management, big data analytics and threat hunting, cyber compromise assessment, malicious activity assessment, data leakage assessment, network security designs and architectures, ISO 27001 implementation, vulnerability management, business continuity management / cyber resilience, and risk assessment.

As a trusted advisor, Tony is an excellent communicator and negotiator capable of influencing at various organizational levels. While he enjoys challenging security projects, his true focus is ensuring his clients achieve a capability that aligns with the organization’s business needs.

Key achievements:
• Managed complex cybercrime investigation that netted over $300 million USD for a financial services client by swiftly coordinating the investigation with international partners in both the public and private sector, ensuring communications secured via various platforms to internal and external stakeholders, and harmonizing integration of efforts among the nation states involved.

• Designed and led the build of the National Cyber Defense Center for 2 countries.

• Designed the Cyber Defense Center for one of large Oil & Gas companies globally.

• Conducted 3 major breach responses for 3 Fortune 500 companies, 5 for 4 governmental entities, and multiple other breach responses for large companies in many regions of the world

• Acted as principal advisor for 5 years to executive directors and C Suite level resources to manage responses to cybercrime aimed at government ministries, national administrations, and critical infrastructure including energy, oil and gas, telecommunications and financial services organizations on a global basis.