Seth Bromberger

Publications, Presentations, & Citations

• Cybersecurity of Critical Infrastructure
  2018 National Cyber Symposium, 9 October 2018
• Improving Estimation of Betweenness Centrality for Scale-Free Graphs
  Co-author, 17 November 2017
• LightGraphs: Our Network, Our Story
  JuliaCon 2017, 20 June 2017
• Cybersecurity and the Supply Chain: A Case Study
  California Network for Manufacturing Innovation Cybersecurity Summit, 27 October 2016
• An Introduction to the Cybersecurity Capability Maturity Model (C2M2)
  NORCAL AMSC Cybersecurity Forum, 17 August 2016
• Industrial Control Systems Security
  California Cyber Security Symposium, 30 September 2015
• Cyber Risk Isn’t Always in the Computer
  Wall Street Journal, 24 September 2015
• RSA Conference 2015 Wrap Up: Exclusive Q&A with Seth Bromberger of NCI Security
  Lancope Blog, 29 April 2015
• “Lies, Damned Lies, and Statistics”: Improving the Effectiveness of Indicators of Compromise
  Industrial Control Cyber Security USA conference (co-chairman) / Cyber Senate, 7 October 2014
• Incident Response, Management and Recovery Roundtable
  Industrial Control Cyber Security USA conference (co-chairman) / Cyber Senate, 6 October 2014
• Interview: Home Depot Security Breach
  KRON4 News, 18 September 2014
• “It won't happen to me”: Denial in the Age of Indiscriminate Attacks
  Wine Industry Technology Symposium, 30 June 2014
• Hackers Breach Security at EBay
  KRON4 News, 21 May 2014
• Defining Criticality in a Networked World: Implications of the Use of Information and Communications Technology for Efforts to Promote the Security and Resilience of Critical Infrastructure
  Co-author, 17 January 2014
• Graph Theoretic Approaches to Incident Response in Smart Grids
  Digital Bond S4x14, 16 January 2014
• Measuring Progress in Cybersecurity Efforts
  CyberSecurity for Energy and Utilities Abu Dhabi (chairman), 8 October 2013
• Threat Update for the Oil and Gas Sector
  CyberSecurity for Energy and Utilities Abu Dhabi (chairman), 7 October 2013
• Network Security Management for Transmission Systems
  Electric Power Research Institute, 15 January 2013
• ICSA-12-348-01: Siemens ProcessSuite and Invensys Wonderware InTouch Poorly Encrypted Password File
  ICS-CERT, 13 December 2012
• Cybersecurity: Getting Ahead of the Wave
  San Francisco Bar Assoc., 5 November 2012
• Architecture Roundtable
  GridSec 2012, 24 October 2012
• Assessing the Maturity of Your VM and Compliance Programs
  nCircle Connect, 23 October 2012
• The Electricity Subsector Cybersecurity Capability Maturity Model
  GridSec 2012, 22 October 2012
• New FERC Cybersecurity Office Has Lofty Oversight and Outreach Goals
  Threatpost, 25 September 2012
• Quantitative Threat Methodology
  Cybersecurity For Energy and Utilities Qatar, 18 September 2012
• Java 1.7 zero-day exploit unlikely to impact most Mac users
  TUAW, 28 August 2012
• Towards a Quantitative Threat Methodology
  GFIRST 2012 conference, 22 August 2012
• SMS sender spoofing possible on iOS: what you need to know
  TUAW, 17 August 2012
• Information Sharing Is The Only Way To Defeat The Cyber Onslaught
  Oil and Gas IQ Interview, 27 July 2012
• Advanced Threat Video Series
  Dell SecureWorks, 27 July 2012
• Utilities urged to increase vigilance over meter firmware, upgrades
  Smart Grid Today, 8 June 2012
• The Electricity Subsector Cybersecurity Capability Maturity Model
  Contributor, 31 May 2012
• Real World Security: Maximizing the Value of Your Security Investments
  Webinar, 30 May 2012
• Architecture of Secure Systems [for the Smart Grid]
  ConnectivityWeek 2012, 24 May 2012
• AMI Networks: PKI Security Considerations
  TechTarget Publications, 2 April 2012
• PKI Security Considerations For AMI Networks
  NESCO Webinar, 29 March 2012
• Security Logging in the Utility Sector: Roadmap to Improved Maturity
  Published Paper, 12 March 2012
• “;Me and My Job”; Profile in SC Magazine
  SC Magazine, 1 March 2012
• PKI Implications for AMI security
  RSA 2012 / IOActive IOAsis, 28 February 2012
• PKI Security Considerations for AMI, Smart Grid, and ICS Networks
  Published Paper, 12 January 2012
• Supply Chain of Cryptographic Key Material
  EyeForEnergy Conference, 27 September 2011
• Bridging the Gap Between Operations and Information Technology
  EyeForEnergy Conference, 27 September 2011
• SSL Certificate Scandal Exposes Bug in Mac OS X
  PC Magazine, 1 September 2011
• How to get rid of DigiNotar digital certificates from OS X
  TUAW, 1 September 2011
• Mac OS X Can't Properly Revoke Dodgy Digital Certificates
  IDG News, 31 August 2011
• Smart Grid Cyber Security, Myths & Opportunities
  ConnectivityWeek 2011, 26 May 2011
• Smart Grid Security East 2011: Interviews
  Youtube Video, 13 May 2011
• DNS as a Covert Channel Within Protected Networks
  Published Paper, 25 January 2011
• An Overview of AMI and Associated Deployment Challenges
  CMU, 15 November 2010
• Data Protection: EnergySec's plan for critical infrastructure
  CSO Magazine, 16 June 2010
• What if the smart grid has stupid security?
  RSA Conference, 11 March 2010
• RSA 2010: Hacking the Smart Grid -- Myths, Nightmares & Professionalism
  CMU CyLab, 3 March 2010
• Critical Condition: Utility Infrastructure
  SC Magazine, 1 February 2010
• Hunkering Down To Specify Smart Grid Security Standards
  RenewGrid, 15 October 2009
• Securing our Critical Infrastructure
  Cyber Security West Conference, 14 October 2009
• Sharing Threat Data Is Key To Securing The Power Grid
  GCN, 24 September 2009
• Electric Industry Creates Alternative Channel For Sharing Data On Infrastructure Security
  Washington Technology, 11 August 2009
• Powering Up - Prioritizing Security Threats
  Baseline Magazine, 27 May 2009
• The Energy Sector Needs Information Sharing, Too
  , 8 May 2009
• With Economic Slump, Concerns Rise Over Data Theft
  IDG News, 29 January 2009
• What Works in Security Control Systems
  SANS SCADA Security Summit, 9 January 2009
• The SCADA Honeynet Experience at INL
  Published Paper, 12 November 2008
• Computer Threat for Industrial Systems Now More Serious
  IDG News, 10 September 2008
• Software Watchdog Working On Enterprise Security Metrics
  IDG News, 9 August 2008
• How to Prioritize Threats (Without Spending Big Bucks)
  CSO Magazine, 17 April 2008
• Researcher Puts Quantitative Measurement on Information Security Threats
  Information Security Magazine, 15 March 2008
• Mitigations for the Aurora Vulnerability
  SANS SCADA Security Summit, 15 January 2008

Press Releases

• nCircle Expands Vulnerability Scanning For SCADA Devices
  nCircle, 23 June 2012
• DOE Selects EnergySec To Create The National Electric Cybersecurity Organization
  EnergySec, 14 October 2010
• Large Utility Implements Metrics Based Security Risk Management System with nCircle™
  nCircle, 2010
• Energy Sector Security Consortium Announces Founders' Circle Partnerships
  EnergySec, 23 September 2009
• Industry Group Expands Energy Security Initiatives
  EnergySec, 3 February 2009
• The Total Economic Impact™ Of SecureWorks’ Managed Security Services
  Forrester Research, 15 March 2008