Speakers

Siegfried Hollerer
Andreas Happe

Agenda

17:15 - Webinar waiting lobby opens
17:30 - Start of Presentation
18:30 - Questions & Answers
19:00 - Estimated Finish

Synopsis

Operational Technology (OT) encompasses a wide variety of programmable systems and devices that have direct or indirect interactions with the physical environment. These technologies are integral to numerous sectors such as manufacturing, energy, transportation, medical, and utilities, where they play a crucial role in the operation and management of physical processes.

As OT systems become more interconnected and integrated with Information Technology (IT) networks, they face increased vulnerability to large-scale cyber attacks. This integration, while beneficial for operational efficiency and data sharing, exposes OT systems to the same cyber threats that typically target IT environments.

The goal of the OWASP OT Top 10 is to raise awareness about the top security risks and vulnerabilities specific to OT environments. By providing actionable recommendations, we aim to improve the security posture of OT systems and protect critical infrastructure from cyber threats.
This talk presents the new release of the initial OWASP OT Top 10 to a broader audience to achieve awareness of its existence, alignment with the state of the art, and applicability in the OT domain.

SPEAKER BIOGRAPHIES

Siegfried Hollerer

Siegfried has seven years of experience as a penetration tester, focusing on the analysis of web applications, IT/OT infrastructures, and social engineering attacks. In addition to his practical experience, he has obtained an OSCP certificate. Furthermore, Siegfried has gained experience in incident response.

During this time, he also carried out security management consultations, audits and certifications based on the OT security standard IEC 62443 and the IT security standard ISO 27000. Since 2020, he has conducted scientific research into the integrated modelling of IT and OT security requirements in combination with functional safety and quality requirements.

This has resulted in several publications, which are accessible via IEEE, ACM, Elsevier and Springer. During his research, he identified the vulnerabilities CVE-2021-47662, CVE-2021-47663, and CVE-2021-47664.

In 2023, Siegfried joined the Federal Ministry of the Interior (BMI) in Austria as a security architect and analyst to enforce the “Netz- und Informationssystemsicherheitsgesetz” (NISG), which is the national implementation of the NIS EU directive [cf. Directive (EU) 2016/1148].

He also works as a lecturer at St. Pölten University of Applied Sciences, delivering lectures on web application and infrastructure penetration testing, network traffic analysis and reverse engineering, and supervising bachelor's and master's theses. Siegfried has been OWASP OT Top 10 Project Leader since 2025.

Andreas Happe

Andreas started out as a software developer but got lured into pen-testing by the offer of free coffee. After 10 years of pen-testing, he started a PhD focusing on the use of LLMs for offensive security and started to freelance as a pen-tester, app-sec professional, and ISO27001 auditor.

During this journey, he collected some certifications (e.g., OSCP, CRTE, CARTP, PNPT, COSP), taught web-security at the University of Applied Sciences in Vienna, and became co-leader of three OWASP projects/chapters, the most recent one being the OWASP OT Top 10. Still loves coffee.

Our events are for adults aged 16 years and over.


This event is brought to you by: Cybercrime Forensics specialist group

 

Webinar: OWASP Operational Technology (OT) Top10 Vulnerabilities
Date and time
Tuesday 16 December, 5:30pm - 7:00pm
Location

Webinar
Price
Free