Veteran-Owned Cybersecurity Consultancy

Securing operations without disrupting them.

ICS, SCADA, and OT security assessments, penetration testing, open-source tooling, and SANS training for organizations that operate critical infrastructure.

Where To Start

How Can We Help?

Whether you're a student, a practitioner, or an organization looking for assessment services -- here's how to find what you need.

Learn

Training, mentoring, and course resources for students and practitioners entering ICS/OT cybersecurity.

Use Our Tools

Free, open-source projects for ICS/OT security assessments, hardening, and research.

Work With Us

Security assessments, penetration testing, and research for industrial environments.

Our Expertise

Security Skills

Four disciplines that define our approach to securing industrial environments.

Aggressors

We look at your technology the way adversaries do, searching for the unintended uses, the overlooked paths, and the creative misuse of what was built for another purpose. We do not design industrial processes, but we know how to find the paths through them that others would exploit. Authorized penetration testing and bench testing, conducted with the discipline an ICS/OT environment requires.

Defenders

We help teams prevent, detect, respond, and recover cost-effectively, in ways that fit how your operations actually run. Our offensive work feeds directly into stronger defenses. We focus on implementation issues rather than vulnerabilities, because the devices and solutions in your environment were chosen for a reason. And we threat hunt, looking for what adversaries may already be doing, to shrink the gap between detection, response, and protecting operations.

Researchers

We pull apart devices, protocols, and technologies to understand how they actually work. What we learn goes back to clients, vendors, and the broader community so people can see what they know about their environments, and what they do not. The goal is better decisions across every phase of operations. Many vendors, and too many integrators, miss the minute technical details that have the biggest impact on operational risk. We help teams find and address those details.

Instructors

Knowledge spreads beyond the classroom. Teaching ICS/OT cybersecurity concepts around the world makes industries stronger, makes threat actors' work harder, and prepares the next wave of practitioners to carry the torch. We contribute through SANS courses, workshops, open source projects, conference presentations, and volunteering with non-profit organizations.

Recent

Proxmox AI Development Lab

·5 mins
TL;DR: Setting up a proper Windows testing environment for ICS/OT security tool development goes beyond spinning up a single VM. You need multiple Windows versions, from legacy Windows 7 through Server 2022, templated, sysprepped, and network-isolated so you can rapidly deploy clean test systems and tear them down when you’re done. This post summarizes my experience building a Proxmox-based development lab with automated VM management for testing Sysmon configurations and security scripts across every supported Windows version. The complete setup guide is available as a PDF download. We document these projects to both remember what we have done and also help others with similar projects.

Building a Local AI Development Server with Framework Desktop

·4 mins
TL;DR: Using AI/LLM goes beyond using ChatGPT, Gemini, and Claude. Running large language models (LLMs) locally eliminates cloud dependencies, keeps sensitive data on-premises, and provides the computational muscle needed for AI-assisted security research. This post summarizes my experience building a dedicated AI development server using the Framework Desktop with AMD’s Ryzen AI Max+ 395 processor — a system capable of running 70B parameter models entirely in local memory.

Starting Cybersecurity Program for Small ICS / OT Teams

·7 mins
This morning I was thinking about completing an article I was writing about KPIs and OKRs. The more I wrote, the more I realized I was just regurgitating research and making pity comments. Which means, it was crap. So, I refocused and turned to AI to help me. I asked Google’s Gemini the following question.

Remote Access To Your BESS and You

·3 mins
This last week was the week of the Battery Energy Storage System (BESS). Joe Weiss released a blog post titled Cyber-vulnerable battery systems are catching fire and communicate directly to China where he discusses his concerns about threat actors from the People's Republic of China (PRC) remotely accessing BESS deployments in the United States. While I share the concern, I am not a fan of “reading between the lines” to correlate an event with threat actor activities.

Unrestricted Access to Your Critical Infrastructure - The U.S. Treasury

·7 mins
The US Treasury Department is an industrial control environment integrated with an active business environment. This organization collects taxes, pays bills for the United States, produces coins and currency (ICS controllers, field devices, servers, and applications), manages government accounts, and enforces tax and finance laws. The recent access that has been provided to the Department of Government Efficiency (DOGE) team equates to unmoderated administrative access to this control environment. The US Treasury Department is one piece of the United States’ critical infrastructure.

Accelerating IACS / OT Cybersecurity Improvements

·4 mins
Today I had to remind myself to tell a team leader about an IT cybersecurity team member that provides superior security assessment work for a utility client. The IACS and OT industry likes to say that IT administrators and cybersecurity professionals cannot provide good guidance or do active assessments safely in production environments. This individual’s contributions to the vulnerability assessment of complex production and test environments continue to be invaluable and have helped to improve the design and deployment of solutions affecting millions of people supported by the utility.