Live Webinar:

Join Robert M. Lee on Dec. 8 as he shares strategies for effectively communicating with your board about the critical need for additional funding in OT cybersecurity.

Skip to main content

Six Steps to Effective ICS Threat Hunting

Friday, November 22nd, 2019 at 1:00 PM EST

On November 22 Dragos Principal Threat Analysts Dan Gunter and Marc Seitz will be joined by Tim Conway, Technical Director – ICS and SCADA Programs at SANS, to introduce a 6-step ICS threat hunting model. They’ll demonstrate how to apply it to real-world threat hunting scenarios, pinpoint adversary behavior patterns, and stop ICS threats from going undiscovered.

What Youll Learn:

  • Why proactive threat hunting is necessary for ICS cybersecurity defense
  • How to complete effective threat hunting
  • What adversary behavior patterns look like
  • How to apply the model to real world threat hunting scenarios
  • How to measure the effectiveness of threat hunts
Speaker Bios

Tim Conway

Technical Director – ICS and SCADA programs at SANS. Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.

Marc Seitz

Mark coordinates industrial control system cyber test lab functions and performs ICS threat hunting services for Dragos customers.

He designs and implements innovative simulated industrial environments to provide a safe and realistic training and attack simulation experience for internal and external analysts. He also conducts onsite vulnerability assessments and threat hunting services. Marc studied Cyber Operations while at the United States Naval Academy where he was exposed to a wide variety of topics including networking, programming, legal, and cyber warfare.

Dan Gunter

Dan Gunter is a Principal Threat Analyst and discovers, analyzes and neutralizes threats inside of ICS/SCADA networks. He performs threat hunting, incident response, and malware analysis mission for the industrial community. Previously he served in a variety of Information Security roles as a Cyber Warfare Officer in the US Air Force and as a technical advisor on security and acquisition issues. Dan is a graduate of the Department of Defense’s elite Computer Network Operations Development Program (CNODP) and the Air Force Research Lab’s Advanced Course in Engineering Cyber Security Boot Camp (ACE). He has spoken at Blackhat, Shmoocon and local information security events.

Meet Dragos experts at our next event

See our ICS cybersecurity experts in action at our upcoming events and webinars.
Compact DISC Australia 2023

Melbourne, AUS


RSAC 2024

Miami South Beach

05.06.24 - 05.09.24

Gartner Security & Risk Management Summit 2024

National Harbor, MD

06.03.24 - 06.05.24

Christophe Culine
Ken Crocken
Jacob Benjamin
Talk to a Dragos Expert

Want to speak with a Dragos analyst or business development representative at an upcoming event? Email us at to schedule an appointment.

Can't wait for the next event to hear from our team?

Read our blog and the latest frontline content to satisfy your cybersecurity needs.