Ronald Heil
Biography
ir. R. (Ronald) Heil (MSc.) CISSP CISA is employed at KPMG IT Advisory (KPMG ITA) in The Netherlands as Senior Manager / Security Specialist for the business unit ICT Security & Control (ISC).
He has more than 11 years of relevant experience in IT security. He has specialised in large-scale IT audits (in support of financial auditing, SOX, GITC and ISF compliance schemes) and security framework reviews, black-, grey- and white-box penetration testing, networking and infrastructure security design or review, (web) application security, wireless networking and security, mobile technologies, and technical Identity & Access Management (IAM). He is also actively involved in KPMG’s initiatives related to advisory, audits and penetration testing on Process Control Networks.
Ronald is recognized as a trainer and speaker at national and international conferences on IT Security and Information Security (e.g. RSA Europe, ISSE, ISF). He is frequently involved as lead in national and international security workshops on security frameworks like COBIT, ISO 27001/2, ITIL and BS7799, on security awareness, and on complex technical security issues.
Besides broad technical knowledge, he also has experience with a broad range of organisational and managerial aspects. In addition, Ronald coordinates the ISF (Information Security Forum) membership for KPMG worldwide, including associated events and publications.
Presentation: Process Control Networks
Although this is not widely known, Process Control Systems, often also referred to as SCADA, are crucial for our society. These systems can be found throughout our industries and our lives, from power plants and refineries to water processing facilities and, for example, traffic light control. Despite their importance, the state of security of these crucial components is often not (or even almost never) what should be expected. This is caused by a lack of security focus on the layers of people, process and technology. Often, non-security-aware people manage complex, real-time processes using technology that is frequently used for purposes outside of its original design scope. In this presentation we will provide insight into our daily experience by sharing our overall findings from audits, advisory work and penetration tests performed on Process Control Networks. In particular, we will provide in-depth technical details on a “process control” system that you wouldn’t expect to have the functionality we discovered. The goal of the presentation is to provide additional insights that help you address potential vulnerabilities and unchecked areas at your own company.