Mandie Grosskopf

Mandie has a passion for expanding traditional InfoSec governance to include complex and non-traditional environments, including OT, IoT, IoMT, IIoT, and more. She leads governance design and expansion across sectors such as Healthcare, Manufacturing, Maritime, and Pharmaceuticals, with a strong focus on incident response and post-incident remediation. Mandie also supports clients through gap analysis and strategic roadmap development as they work towards compliance with the EU Cybersecurity Resiliency Act.

Mandie currently holds certifications in GIAC Response and Industrial Defense (GRID), Network+, Security+, Cybersecurity Analyst+, and Security Analytics Professional.


Session

04-10
16:00
40min
Mind the Gap: Security on Paper, Reality on the Wire
Mandie Grosskopf

In OT environments, it is easy for cybersecurity programs to look robust on paper, but what happens when those same environments are put under the lens provided by a penetration test? In this talk we examine the results of pairing an OT Cybersecurity Maturity Assessment with an OT Penetration Test at the same facility, revealing a consistent pattern: the documented controls and expected risk posture don’t match what is actually happening on the wire.

We will walk through anonymized case studies from several sites, spanning multiple organizations and geographical locations, showing that the results we expected based on governance were not always upheld by what the technical assessments found. The goal of this talk is to demonstrate how gaps can form between OT security program standards and actual operational reality. Attendees will walk away with practical recommendations on how to test and validate expectations and risk.

Track 1